report a suspected data breach, please contact NAS Insurance Company, LLC by
phone or e-mail and advise you are a Lawyers’ Mutual Insurance Company
Business Hours: (818) 382-2030
– Friday 8:00 AM – 5:00 PM Pacific
After Hours Help Line: (800) 973-7343
Failure to report a breach immediately may impact your rights to coverage.
you suspect your organization has been the victim of a cybersecurity incident
or a data breach, the first action item should be to put NAS on notice. This
will help ensure that you are not jeopardizing coverage for any costs
associated with the incident and that you are engaging experts vetted by your
carrier. If there is a breach of sensitive information, you will be
guided through the process by a NAS claims staff member, who will be assigned
to you throughout the entire process. The NAS Claims Department works with
experienced counsel and vendors and will guide you through the process.
you need to report a suspected breach, immediately call your NAS Cyber Claims
team at 818-382-2030. This phone line will be answered during regular business
hours, 8 AM to 5 PM PT, Monday through Friday. You may also send email to email@example.com.
to the following for guidance reporting the incident to your carrier and
responding to a security incident or data breach.
Immediate Response To Incident
The following steps should be followed in the case of an actual or
potential information security breach including: (a) all losses or
disclosures of confidential or sensitive information; (b) all information
security violations and problems; (c) all suspected information security
problems, vulnerabilities, and incidents; or (d) any damage to or loss of
company computer hardware, software, or information that has been entrusted
to the organization’s care.
Step 1. Contact
Step 2. Do
not turn off or reboot any systems. Record critical facts regarding the
incident (date and time when the incident was discovered, who discovered
the incident, what occurred, what systems and information were
Step 3. Secure the scene to preserve evidence. Do not allow anyone
to take any action on affected systems.
Promptly notify NAS and identify resources available under your policy
(e.g. legal, forensics, crisis management, and response vendors) to save
time and costs.
Restrict communications and use caution when discussing the incident. Limit
discussions to a need-to-know basis, with communications taking place over
the phone or face-to-face rather than email. And, avoid using the term
"breach" which can trigger legal obligations. Instead, call the
event a "security incident" or simply what it is, i.e. "a
Important Information re: Legal
Counsel: The insurance company will assign legal counsel to assist the
insured (A) in the event of a covered claim, or (B) otherwise, if it determines
that assigning legal counsel is appropriate. If you retain your own legal
counsel without the consent and approval of the insurance company, your company
(the insured) will be solely responsible for the legal fees and other costs
associated with such engagement.