Millions Stripped From Struggling Car Insurance Companies
The breach, which is being investigated by the FBI, resulted in losses of $6.85 million, although some of that sum has been recovered, administration officials said.
The cyberattack was carried out at the little-known Office of the Special Assistant Receiver, a nonprofit organization that works with the director of the Illinois Department of Insurance and exists largely to protect creditors and policyholders of insurance companies. in financial difficulty or insolvent.
While state officials said little about the cyberattack, the bureau’s former chief financial officer, Douglas Harrell, told the Tribune that his email was hacked by hackers who then told others how to invest. money with what appeared to be the approval of his superiors.
Harrell said a quick call to bank officials prevented a significant loss of the $6.85 million before all transactions became final.
The agency learned of the breach July 15 and contacted the Pritzker administration and Illinois State Police, Harrell said.
The Department of Insurance places financially troubled or insolvent insurance companies with the Office of the Special Sub-Receiver to oversee receiverships, where remaining assets and distributions are managed under court supervision.
The Special Assistant Receiver was formed as a nonprofit in 1991 to “administer the assets of insolvent or financially distressed Illinois insurance companies placed in court-ordered receivership,” according to the Department of Insurance. from Illinois. The basic remains of these companies and their policyholders are placed in what are called “estates”.
The estates of two auto insurance companies – Gateway Insurance Co. and Affirmative Insurance Co. – fell victim to the cyberattack by a “criminal actor”, said Caron Brookens, spokesman for the insurance department.
The Gateway Insurance estate suffered a loss of $2,148,728 from improper wire transfers, officials said.
Affirmative Insurance’s estate initially suffered a $4,700,500 loss from illicit wire transfers, but $2,870,500 of Affirmative’s money was recovered, state officials and report say of the company.
The theft is the latest example of how online scammers view agencies in and around state government as fertile targets. Cyberattacks may have diverted more than $1 billion in unemployment checks intended for those laid off during the coronavirus pandemic in Illinois alone.
A ransomware attack in April crippled the computer systems of Democratic Attorney General Kwame Raoul’s office, costing taxpayers millions to upgrade the office as it seeks to regain its footing.
Other attacks have involved what is known as “text phishing” or “smishing,” in which false messages are sent to cell phones seeking to trick Illinois residents into clicking on false warnings about driver’s licenses so that they are involuntarily victims of computer viruses.
In an interview, Harrell said an internal review of what happened at the Special Assistant Receiver’s office showed that cybercriminals took control of his email and spied on him for two or three weeks.
“They were checking my email and giving instructions,” Harrell said. “My parents thought I was ordering them to invest in a certain way” – and that his bosses had approved the deals, he said.
Harrell said he spotted the illicit transactions “immediately” and “called everyone within two minutes” to raise the matter with senior management, including senior technology executives and attorneys.
He said he quickly called the bankers in charge of the transactions and was able to stop activity “for some transfers”, allowing them to recall some of the funds before the transactions were completed.
“What’s really too bad are the criminals just taking advantage of COVID,” Harrell said, saying he and others were working from home because of the virus. “Without a cybersecurity expert in our store…we weren’t prepared. We just didn’t know how to properly protect ourselves from cyber hackers,” especially outside of the office.
“It’s just fraud through and through,” Harrell said.
If Harrell and others had worked in the office, he said, their face-to-face communication might have prevented fraudulent activity directed by cybercriminals using fake emails.
“I was a victim,” Harrell said.
Harrell said he stayed with the agency for a few months to help resolve the issue, but also eventually offered, “as the most senior financial person,” to resign along with another top executive, Joe Harris, who was controller.
The insurance department declined to give details of the cyberattack and would not say how the money was recovered, saying it could jeopardize any investigation.
Brookens confirmed that Harrell and Harris no longer work in the Special Assistant Receiver’s office, but declined to elaborate further on why they left the agency.
People familiar with how the agency has operated over the years said that someone would be able to initiate a wire transfer, but the process would take several steps on a password-protected account. Another person will need to confirm the transaction.
Gateway sold commercial auto insurance, such as for taxis and limos, and Affirmative sold personal auto insurance, Brookens wrote in response to Tribune’s inquiries.
Despite the cyberattack, policyholders can get away with it.
“The majority of policyholder claims are covered by the Illinois or other state Guarantee Fund and therefore will not be affected,” Brookens wrote. “Because the companies are in receivership and determining the ultimate liability of policyholders will take several years, the total number of policyholders potentially affected is unknown.”
Insurance companies in liquidation are backed by a guarantee fund that draws its money from active insurance companies, which are generally required to compensate for the losses of insolvent companies. This guarantee fund covers losses related to consumer insurance.
The Office of the Special Assistant Receiver has cyber fraud insurance and recovery efforts are underway, Brookens said.
“Any exposed vulnerabilities have been assessed and (the receiver’s office) has added additional protocol and controls to ensure it can better protect against any future criminal cyberattacks,” Brookens said.
Brookens also said the Special Assistant Receiver’s office “took appropriate steps to mitigate the violation and prevent it from happening again.”
Even so, Republican Rockford Sen. Dave Syverson, minority spokesman for the upper house insurance committee, said hearings should be held to consider how the cyberattack happened and what can be done about it. prevent future problems.
Buckle Corp. of Jersey City, New Jersey, purchased the charter from Gateway Insurance Co. for $4.2 million in 2020 in a court-supervised auction in Cook County, according to Marty Young, co- founder and CEO of Buckle.
The new company did not take over the assets or liabilities of the Gateway domain, giving the new company a fresh start.
In its Sept. 30 report, company officials said, the new Gateway Insurance Co. has 20,000 to 25,000 customers nationwide, with about 2% in Illinois.
According to Mr. Buckle, only about 100 customers of the old company are among the current customers of the new company.