Discovery Insure call center agents duped by impersonator
NORTH CAROLINA, UNITED STATES—Insurance agency Discovery Insure revealed that fraudsters obtained the policy schedules of 19 clients by impersonating policyholders and convincing call center agents to email the sensitive documents.
The company suspects that the impersonators used information from historical third-party data breaches and data scraping techniques to pass the verification process.
High-profile victim speaks out
One of Discovery’s clients and Co-founder and CEO of Sygnia Magda Wierzycka expressed her outrage on social media, stating, “Discovery told us they have revealed our address, contact details, IDs, every item we have insured, [the] value of everything — everything to make us a target!”
She criticized Discovery Insure’s verification processes and announced her decision to cancel all her policies with the company, including her staff members’ medical aid.
I just received an email from DISCOVERY INSURE. They had a data breach. DISCOVERY told us they have revealed our address, contact details, IDs, every ITEM we have insured,value of everything – everything to make us a target! They don’t know who did it. They didn’t apologize!
I…
— Magda Wierzycka (@Magda_Wierzycka) June 5, 2024
Discovery’s response and preventive measures
In response to the breach, Discovery Insure has reported the incident to the Insurance Crime Bureau and the South African Banking Risk Information Centre. The company has also appointed forensic specialists to conduct ongoing screenings.
A spokesperson for Discovery Insure stated that the company has “taken steps to enhance our identity and verification processes to keep our clients safe.”
New security enhancements
Discovery Insure is implementing several new security measures to prevent future breaches. These include:
- Enhanced Verification Processes: Call center agents will now ask more security questions and require more specific information from callers. Clients will not be informed which questions they failed if they do not pass the verification process.
- Restricted Access to Policy Schedules: Policy schedules will no longer be available through the call center. Instead, they can only be accessed via Discovery’s secure adviser portal, the app, or the website with two-factor authentication.
- Email Address Updates: Clients can no longer update their email addresses through the call center. They can only do this through the app or the logged-in section of the website.
Discovery Insure is taking significant steps to enhance its security measures and protect its clients from fraud. The company’s proactive approach aims to prevent similar incidents in the future and restore client trust.