Skip to main content

We recently received a “security report” from an insurance underwriter related to our Cyber Liability policy.  Included in the report was the one and only incident that a user had with an email threat.  The threat was promptly identified and remediated.  My question, since the information included the users email address, time and date of the incident, how did the insurance underwriter get this information?  The only place it is contained is within our webroot data.  Are you know selling our security history logs with usernames, PII, etc.?  If so, we will be dropping Webroot like a rock.

@WR_User_Sad - Have seen such audits where insurance companies report information from various incident capture sites that may or may not correlate to an incident where the WR agent performed its remediation. “Have you been Pawned”  and other breach sites may provide more insight as if the malicious actor captured their email information and that breach was caught and/or reported to another entity, it could have been picked up through another source and correlated to a known incident coincidently.

From the WR side, if something was remediated, the users data isn’t captured in any logs,  the backend systems or otherwise. The only items captured are for internal analysis like, the threat binary,  hash, heuristic aspects and other technical binary information, device ID, but user information isn’t captured. Email isn’t captured in any logs or the console.

So, consequently, WR does not sell log information, user details or otherwise as the information isn’t presented or available.

The specific incident should be reviewed and our support team may be able to help you ascertain how that information was breached, but it had to come from another source.

Privacy is extremely important. Reference our privacy policy page for more details. Privacy Statements.


Reply