Erie Indemnity Corp., based in Pennsylvania, also known as Erie Insurance, is inspecting a network attack. Erie Insurance, one of the Fortune 500 companies, offers a selection of insurance plans, which include life insurance, car insurance, Medicare supplements, and cyber insurance.
Based on the Form 8-K filing made by Erie Insurance with the U.S. Securities and Exchange Commission (SEC), abnormal system activity was discovered on June 7, 2025. The insurance company promptly implemented the incident response protocols to secure its network and sensitive information, such as PHI, and notified law enforcement. Erie Insurance is working with the police investigation and has hired a third-party cybersecurity company to determine the full extent, nature, and effect of the incident. It is also taking extra protective measures against similar incidents.
Because the investigation just started, it is still too early to say to what degree the breach affected policyholders’ exposed or stolen data. Erie Insurance stated that a cyberattack caused the abnormal network activity, resulting in outages and business interruptions. The incident has impacted access to its client webpage, making it difficult to file claims. Reports say that receiving company documents is delayed. Those interferences in services appear to be due to a ransomware attack. Still, Erie Insurance has not announced a ransomware attack, and no ransomware group has sent a ransom note concerning the attack.
An Information Security Event notification posted on the website of Erie Insurance mentioned that while experiencing the present outage, it won’t get in touch with clients through telephone or email to ask for payments. All policyholders were instructed to be alert and not click hyperlinks in email messages from unidentified sources or disclose any personal data through phone or email. Policyholders seeking to start a claim were told to contact the First Notice of Loss team, their area agents, or support teams as usual.
It is uncertain if there was an attempted improper use of policyholders’ information or if the website notification was solely a precautionary measure for its policyholders.