Insurance group Aviva has written to 550 customers in the US warning them that their personal data may have been exposed as a result of a malware infection on one of the firm's computers.
Aviva admitted the breach in a letter to the Attorney General of New Hampshire, in accordance with local legal obligations. It says the information that may have been compromised included customer social security numbers and names and/or addresses.
The insurance giant says the malware infection was picked up when the company was conducting online research to locate the most current address information for policyholders or beneficiaries whose correspondence had been returned as undeliverable.
Aviva says it has removed the infected machine from service and issued new passwords to employees whose log-in information may have been disclosed. It has also employed a team of security consultants to check its IT systems and taken steps to secure its environment against future attacks.
The firm is writing to customers potentially affected by the break-in and offering a year's free ID protection.