Ameritas has notified an unknown number of customers that their personal information may have been exposed in a data breach.
The Lincoln-based insurance and financial company said in a letter dated July 23 that several of its employees fell victim to phishing scams in May and early June that tricked them into providing their email credentials.
The company said that after it discovered the breach, it "quickly addressed the exposure by disabling the unauthorized access and deployed a mandatory enterprise-wide password reset."
A spokeswoman said it took several weeks to notify customers because Ameritas had to accurately identify those affected and make sure contact information was gathered in a consistent format for notification purposes.
Ameritas said in the letter that information that may have been exposed includes names, addresses, email addresses, Social Security numbers and policy numbers. The level of exposure may vary from person to person.
An Ameritas spokeswoman said the company is for now not publicly disclosing how many people are affected, pending final notification of regulatory authorities.
The company said it has hired Kroll Associates, a risk-consulting firm, to investigate the incident, and it since has implemented security enhancements, provided additional training to employees and contacted law enforcement.
Also as part of its contract with Kroll, Ameritas said it is providing identity and credit-monitoring services free for one year to customers who were affected.
Those interested in taking advantage of the service can go to krollbreach.idmonitoringservice.com by Oct. 6 to activate the free service using the membership number provided in the letter.
In a statement, Ameritas said it regretted the incident "and any inconvenience it may have caused Ameritas customers and business partners."
"Ameritas is committed to our customers and we work hard to earn their trust," the statement said. "Protecting customer privacy is the cornerstone of that commitment."