PHLY working to restore systems after contacting authorities over ‘suspicious activity’

(The Insurer) - Philadelphia Insurance Companies (PHLY) said it is working to get staff back online after a week-long outage, adding in an update that a forensic investigation is underway and law enforcement has been contacted after it discovered unauthorized network access last week.

The insurer said in a message posted on its website on Friday that its IT team received an alert of suspicious activity in its network late on June 9 and identified unauthorized activity in its systems.

PHLY said it responded by “proactively” disconnecting affected systems to contain the threat, while undertaking a forensic investigation and notifying law enforcement, acknowledging an outage that has affected phone and e-mail systems and online applications.

“We acknowledge the frustration and inconvenience this may have caused our customers, agents, brokers, and valued partners,” the company said.

“We fully understand how much you rely on our company, and we take that responsibility very seriously,” it added.

“Our teams have been working around the clock to resolve this issue as quickly as possible. While a return to full business operations will take time, our priority remains clear: to deliver the reliable service, responsiveness, and partnership you’ve come to expect from our company.”

PHLY started bringing staff back to a number of its offices gradually on Friday, focusing on locations that have IT personnel locally and asking staff to connect to the network via ethernet cables rather than WiFi.

Work continued over the weekend to get staff back online, which has included authenticating employees and setting up new passwords.

Cyber Risk Insurer reported last week that the attack is likely to have been carried out by threat actor group Scattered Spider.

A spokesperson for PHLY declined to comment.