Philadelphia Insurance Companies (PHLY), a major U.S.-based property and casualty insurer, has confirmed a breach of personal data following a cyber incident that disrupted operations across multiple insurance firms in June 2024. The disclosure was made in a formal filing with the California Attorney General’s office.
The company said it identified on July 9 that files containing sensitive customer information had been accessed by an unauthorized party. Compromised data includes names, dates of birth, and driver’s license numbers.
In a notification letter sent to impacted individuals, PHLY said it is offering one year of identity monitoring services to affected customers and has since implemented enhanced security protocols to prevent further unauthorized access.
“We determined that certain personal information may have been accessed without authorization,” the company stated in its letter, assuring that efforts are underway to safeguard affected data and prevent recurrence.
Incident Linked to Broader Cyber Event Affecting Multiple Insurers
The breach occurred during a larger-scale cyber event that impacted operations at several insurers, including Philadelphia Insurance, Erie Insurance, and the First Insurance Company of Hawaii. Erie Insurance reported on July 7 that it had resumed full business functionality after experiencing weeks of network disruptions.
A forensic investigation conducted by external cybersecurity experts on Erie’s behalf concluded that no sensitive data, financial records, or legally protected information were accessed during the incident.
First Insurance and Philadelphia Insurance, both subsidiaries of Tokio Marine Holdings Inc., provided similar updates. In a statement released July 1, First Insurance clarified that the cyber incident did not involve ransomware or malware, nor were any systems encrypted. PHLY also confirmed that no ransomware was involved and that its email infrastructure was not compromised. An independent forensic investigation remains ongoing.
Company Background and Financial Standing
Philadelphia Insurance Companies operates nearly 50 offices across the United States and specializes in serving niche sectors such as nonprofit, education, and human services. The insurer underwrites a broad portfolio of commercial lines including general liability, professional liability, and commercial auto insurance.
As of the end of 2023, Philadelphia Indemnity Insurance Company, PHLY’s primary underwriting entity, reported:
- Total assets of $12.19 billion
- Net premiums of $3.52 billion
- Net income of $575.7 million
- Policyholders surplus of $3.82 billion
- A loss ratio of 62.8%, according to Weiss Ratings
The company has maintained an A++ (Superior) rating for financial strength from AM Best since 2011.
In the 2024 J.D. Power U.S. Small Commercial Insurance Study, PHLY ranked sixth overall with a customer satisfaction score of 702—slightly above the industry average of 697.
Ongoing Monitoring and Enterprise Impact
While the exact vector of the cyberattack has not been publicly disclosed, the nature of the accessed data—driver’s license numbers and other personal identifiers—raises ongoing concerns for enterprise clients and regulators alike.
The company continues to monitor for potential misuse of affected information and recommends that all impacted individuals remain vigilant against potential identity theft and fraud.
