Cyber attack: L&G suspends ties with MorganAsh over medical data incident

Investigation launched

“The security of customer data is our utmost priority and as soon as we were made aware of the incident, we immediately launched an investigation to determine the full nature and scope of what had occurred" - L&G's Emma Byron.
“The security of customer data is our utmost priority and as soon as we were made aware of the incident, we immediately launched an investigation to determine the full nature and scope of what had occurred" - L&G's Emma Byron.
  • LinkedIn  
0 Comments

Life company Legal & General has suspended its relationship with third party MorganAsh after a cyber incident at the firm risked exposing client’s medical data, Professional Adviser can reveal.

L&G uses financial services support company MorganAsh to collect information to support the quote application process for medically underwritten lifetime annuities and its Lifetime Care Plan product.

Upon hearing of the security breach at MorganAsh, L&G launched an investigation involving both internal and external IT experts.

Though it found no evidence that its customer data was compromised, L&G suspended the use of MorganAsh's services for new business quotes as a precaution until its investigation is concluded.

L&G retail retirement income managing director Emma Byron said: "We have been made aware of a data incident at MorganAsh, a third party who provide a medical data collection service on behalf of UK life insurance companies.

"The security of customer data is our utmost priority and as soon as we were made aware of the incident, we immediately launched an investigation to determine the full nature and scope of what had occurred."

She added: "While there is currently no evidence that customer data has been compromised, we have suspended use of all MorganAsh services for new business quotes as a precaution until our investigation is concluded."

A spokesperson for MorganAsh confirmed the cyber-attack took place in March at the start of the Covid-19 lockdown. They said no customer data was lost as a result of the incident, nor was there a data breach of any customer data. 

"We took immediate action and shut down our operations immediately. Our operations were shut down for 2 days while we restored our systems," they explained.

The spokesperson added: "As customer data security is the utmost important to us and our customers, we understand fully that some of our customers want independent verification of this event.

"One of our most valued clients L&G have taken an extra precautionary step to temporally suspend their work with us. We are working with them to provide them with the reassurance and comfort they need to enable them to continue to work with us in order to provide the unique and innovative services MorganAsh is renowned for. We are confident L&G will be back working with us in the next few weeks."

  • LinkedIn  

More on Your profession

More news

blog comments powered by Disqus