Exclusive: Kroll breached via phishing attack that disclosed clients’ account balance information

Reuters
04 Mar

By James Thaler

March 3 - (The Insurer) - Financial risk and advisory firm Kroll has suffered a data breach via a phishing attack by threat actors, which exposed client invoicing and accounts payable information, along with associated email addresses, the company advised clients on Monday.

Kroll notified trading partners such as insurance companies and forensics law firms of the breach on Monday afternoon, in a memo sent by the firm’s chief information and security officer David Dunn.

The memo said that Kroll had recently become aware of a phishing attack against it that resulted in the release of accounts receivable information “which may potentially impact your organization”.

“The information released may include the name of your company, the affiliated email addresses for invoicing, and current account payable balances,” Dunn wrote.

“You should know that this did not occur as a result of any weaknesses in our system and no substantive information related to the work that Kroll does for you was included in the information that was released,” the CISO added.

Dunn said that as a result of the incident, clients may receive emails from bad actors impersonating Kroll that request payment of invoices and ask the client to change banking information so that payment goes to the impersonators.

The CISO said that potentially impacted clients should not take any action on such emails and should alert Kroll if they receive a suspicious email or have any questions regarding the matter.

“If you or members of the accounts payable team receive any suspicious emails, especially regarding banking details, do not take any action or click on any links,” Dunn wrote.

“Please know and inform your accounts payable personnel that Kroll would never solicit sensitive banking information from you via email, nor would we instruct you to update Kroll’s bank details via email,” he added.

“We are implementing additional safeguards and training within our information security protocols to prevent this issue from happening in the future,” Dunn concluded, as he thanked clients for their “understanding” and “cooperation” regarding the matter.
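The follow-on fraud pattern Dunn describes, a message that presents itself as coming from Kroll and asks accounts payable to pay an invoice or update banking details, is exactly what an AP mailbox filter should hold for out-of-band verification. The following is an added example and is not Kroll's code or anything from the memo; it assumes a hypothetical allow-list of the vendor's legitimate sending domains, a constructed set of sample messages, and an illustrative phrase list. It combines two signals from the article: a sender domain that is not the vendor's known domain, and any request to change bank details that claims to be from Kroll, which the memo says Kroll never sends by email.

```python
import re
from dataclasses import dataclass
from email.utils import parseaddr

# Hypothetical allow-list: the vendor's legitimate sending domains as recorded
# by the accounts payable team (constructed for this example).
KNOWN_VENDOR_DOMAINS = {"kroll": {"kroll.com"}}

# Phrases typical of a payment-redirection request. Constructed for illustration;
# a real filter would tune these against the organisation's own mail.
BANK_CHANGE_PATTERNS = [
    r"\bupdated?\b.*\bbank(?:ing)? (?:details|information|account)",
    r"\bnew (?:bank|account|wire|remittance) (?:details|information|instructions)",
    r"\bchanged?\b.*\b(?:bank|account|payment) (?:details|information|instructions)",
    r"\b(?:iban|routing number|swift code)\b",
]


@dataclass
class Message:
    sender: str   # RFC 5322 From header value
    subject: str
    body: str


def sender_domain(from_header: str) -> str:
    """Extract the domain part of the address in a From header (lowercased)."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def claims_vendor(msg: Message, vendor: str) -> bool:
    """True if the message presents itself as coming from the named vendor."""
    text = f"{msg.sender} {msg.subject} {msg.body}".lower()
    return vendor in text


def mentions_bank_change(text: str) -> bool:
    """True if the text asks for banking or remittance details to be changed."""
    lowered = text.lower()
    return any(re.search(p, lowered) for p in BANK_CHANGE_PATTERNS)


def triage(msg: Message, vendor: str = "kroll") -> list[str]:
    """Return the reasons a vendor-branded message should be held for
    out-of-band verification; an empty list means no flag was raised."""
    reasons = []
    if not claims_vendor(msg, vendor):
        return reasons
    domain = sender_domain(msg.sender)
    if domain not in KNOWN_VENDOR_DOMAINS[vendor]:
        reasons.append(f"sender domain {domain!r} is not a known {vendor} domain")
    if mentions_bank_change(msg.subject + "\n" + msg.body):
        # Per the memo, Kroll never asks for bank details or a bank-detail
        # update by email, so this is a flag even from a legitimate domain.
        reasons.append("asks accounts payable to change banking details")
    return reasons


# Constructed sample messages for the demo.
SAMPLES = [
    Message("Kroll Billing <ar@kroll.com>",
            "Invoice 12345 due",
            "Please find attached invoice 12345. Remit to the account on file."),
    Message("Kroll Accounts Receivable <ar@kroll-invoices.com>",
            "URGENT: updated bank details for invoice payment",
            "Our banking information has changed. Please update your records "
            "with the new IBAN below before paying invoice 12345."),
    Message("billing@kroll-secure.net",
            "Invoice 12346",
            "Invoice attached for your records."),
]


def run_samples() -> list[list[str]]:
    """Triage every constructed sample; returns one reason list per message."""
    return [triage(m) for m in SAMPLES]


if __name__ == "__main__":
    for msg, reasons in zip(SAMPLES, run_samples()):
        status = "HOLD" if reasons else "pass"
        print(f"{status}: {msg.subject}")
        for r in reasons:
            print(f"   - {r}")
```

The first sample passes, the lookalike-domain invoice with a bank-detail change is held on both signals, and the lookalike-domain message with no payment language is held on the domain signal alone. A held message should be confirmed with the vendor through a phone number already on file, never through contact details in the email itself.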

Kroll-owner Duff & Phelps was acquired by a private equity consortium led by Stone Point Capital and Further Global in 2020 in a $4.2 billion transaction, after which the entire firm rebranded under the Kroll name in 2022.

Among the services it provides are identity monitoring as well as digital forensics and cybersecurity incident response, along with credit monitoring.

In July 2024, a team of well-known DFIR and longtime Kroll executives that included Jim Leonard, Devon Ackerman, Ben Demonte and Grant Duncan left the company to join cybersecurity firm Cybereason to launch a new DFIR offering.

Kroll has since responded with a number of notable hires, which have included bringing aboard former Marsh executive Katherine Keefe as managing director and global cyber insurance industry lead for Kroll’s cyber insurance capabilities worldwide.

Cyber insurance industry executives have frequently commented that major cyber advisory firms, as well as insurance carriers, are frequent targets of threat actors given the nature of the sensitive client data in their possession.

Insurance brokers Marsh, Hub, Arthur J Gallagher, Ryan Specialty and Aon are among those that have experienced some form of data breach in the past, along with carriers Allianz, Zurich, MS Amlin, Lloyd’s, Crum & Forster, CNA, Chubb, Mapfre and Tokio Marine.

In an interview at the annual InsureTech Connect conference in Las Vegas in October 2022, At-Bay CEO Rotem Iram said that members of the cyber insurance ecosystem need to be vigilant and acknowledge that they themselves could be targets for security breaches, as the number of incidents targeting insurance firms is rising.

A spokesperson for Kroll did not immediately respond to a request for comment.
