Insurance admin services company data breach exposes details about 8 lakh US users

Insurance administrative services company Landmark Admin has disclosed a data breach. The company confirmed that a cyberattack in May affected over 8 lakh people. The company, which provides back-office services for major insurance carriers, said that it asked a third-party cybersecurity company to investigate the incident. The investigation revealed that the cyber attacker accessed files containing the personal information of 806,519 users. The exposed data may include names, addresses, Social Security numbers, and insurance policy information.
Landmark Admin's clients include American Monumental Life Insurance Company, Pellerin Life Insurance Company, and several others.

In a filing with the Main Attorney General's office (seen by Bleeping Computer), Landmark said that it detected suspicious activity in May and took steps to contain the attack. The company shut down its IT systems and remote access to its network to prevent the spread of the attack. Landmark Admin said that it is notifying affected individuals.
The company’s data breach notification (seen by Bleeping Computer) said: "Based on the investigation, the following information related to potentially impacted individuals may have been subject to unauthorised access: first name/initial and last name; address; Social Security number; tax identification number; driver's license number/state-issued identification card; passport number; financial account number; medical information; date of birth; health insurance policy number; and life and annuity policy information.
Please note that the information above varies for each potentially impacted individual. Affected individuals will be notified by mail of information that was impacted."
Considering the sensitive nature of the data reportedly compromised in the Landmark Admin breach, individuals are strongly encouraged to closely monitor their credit reports and bank accounts for any suspicious activity. This step can help mitigate the risk of identity theft or financial fraud. The nature of the cyberattack also remains unclear, as no group claimed responsibility.