Philadelphia Insurance Companies hit by cyberattack, denies it's ransomware
Learn More
Philadelphia Insurance Companies are hit by what multiple cybersecurity sources describe as a "major" ransomware event for three consecutive days, forcing the company to order employees not to access the insurer's network.
The attack began on June 9, 2025 and has severely impacted the company's phone and email systems, as well as customer access to online applications. In a series of confusing communications to staff, the company initially instructed employees to report to offices in New York, Pennsylvania, and New Jersey, only to later cancel all in-office attendance entirely due to the ongoing security crisis.
This is a second attack on the insurance industry in Pennsylvania after the attack on Erie Insurance.
Senior cybersecurity industry sources have pointed to the notorious Scattered Spider threat group as the most likely perpetrator behind the PHLY attack.
The number of affected individuals and exposed types of data are not disclosed. Philadelphia Insurance policyholders who need to initiate a claim can communicate with the company via phone on 800.765.9749 (option #3).
Update - as of 23rd of June, Philadelphia Insurance claims the incident was not a ransomware attack. It reported that no systems were encrypted but did not disclose the nature of the attack. Philadelphia Insurance reports that the exposed data includes:
- names
- dates of birth
- driver’s license number
The number of affected individuals is not disclosed. The company is offering a complimentary one-year membership to identity
monitoring services which include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration.
