The company systems suffered a cyber attack during the second half of the October 2013. However, they came to know about the breach only in the mid of November.
The company said that they immediately hired a cyber forensic investigator to fully ascertain the extent of the problem.
Hackers accessed sensitive information includes names, addresses, encrypted payment card details of customers and CVV details.
The company said that only people who bought the insurance policies before May 2012 are at risk - The company has stopped storing sensitive data after this date.
Affected customers are being offered a free access to Data Patrol, a 24/7 online identity fraud monitoring service provided by Experian.