Insurance administrative services company Landmark Admin is warning 800,000 people that their sensitive data has been exposed, following a cyber attack earlier this year.
According to the firm's filing with the Attorney General of Maine, the breach involved an extremely broad range of personal data, including full names and addresses, Social Security numbers, tax identification numbers, drivers’ license numbers, and state-issued identification card numbers.
Similarly, passport numbers, bank account and routing numbers, medical information, health insurance policy numbers, dates of birth, and life and annuity policy information were all exposed in the incident.
The breach was discovered in May, and the company's systems were secured with the help of an external security firm until the attackers again gained access to Landmark's IT network in June, accessing more sensitive information.
Once again, the company's systems were secured, with Landmark saying it's now tightened up cybersecurity practices.
"As a result of the data breach, these individuals’ personal and highly sensitive information may be in the hands of cyber criminals who can place the information for sale on the dark web or use the information to perpetrate identity theft," said Murphy Law Firm, which is planning a class action lawsuit.
Several other law firms are considering the same.
Landmark is now contacting those whose data may have been leaked, offering them credit monitoring and identity theft protection services.
There's currently no indication of who was behind the attack, nor any information on ransom demands.
"The breach at Landmark Admin highlights a growing issue —third-party vendors are becoming easy targets for cyberattacks. This isn’t just a one-off; it’s part of a clear trend. As organizations rely more on outside partners, they expose themselves to more significant risks," said Akhil Mittal, senior security consulting manager at Black Duck.
"With personal and financial data now exposed, the immediate concern is identity theft, but the bigger issue is losing trust between insurers, their customers, and partners. Landmark’s security team needs to move quickly, not just by explaining what happened, but by actively helping partners strengthen security across the board."
Insurance companies, along with their partners or subsidiaries, represent a lucrative target for hackers thanks to the large amounts of highly-sensitive data that they hold.
Just last week, a third-party breach was reported by Brighthouse Life Insurance, for example, while insurance firm Globe Life reported that it's being extorted by hackers after data on more than 5,000 people was stolen from a subsidiary.
Meanwhile, health insurance firm UnitedHealth has told the US Department of Health and Human Services Office for Civil Rights that the data breach it suffered earlier this year affected 100 million people.
