Hacker working with computer showing insurance administrator data breach

Insurance Administrator Landmark Admin Ransomware Data Breach Impacted Over 800,000 People

Third-party insurance administrator Landmark Admin has confirmed that the May 2024 ransomware attack resulted in a data breach affecting nearly one million customers.

Landmark is a Brownwood, Texas-based third-party administrator (TPA) managing life insurance policies and annuities on behalf of other companies. Its clients include American Benefit Life Insurance Company, American Monumental Life Insurance Company, Capitol Life Insurance Company, Continental Mutual Insurance Company, Liberty Bankers Life Insurance Company, and Pellerin Life Insurance Company.

According to a data breach notice on the company’s website, Landmark said it detected suspicious activity on its systems on May 13, 2024. It responded by disconnecting the impacted systems and hiring external cyber forensics experts to investigate the incident and secure the company’s computing infrastructure.

However, preliminary investigation results determined that the threat actor accessed some Landmark files containing sensitive customer information.

Insurance administrator Landmark data breach leaked sensitive information

Landmark determined that the incident occurred between May 13, 2024, and June 17, 2024, and the threat actor exfiltrated and encrypted data.

“The forensic investigation determined that data was encrypted and exfiltrated from Landmark’s system,” the company said.

However, the insurance administrator could not immediately determine the nature of the customer information the threat actor exfiltrated and thus continued investigating the incident with the assistance of external cyber forensics.

Upon completing the investigation, Landmark determined that the threat actor accessed the victims’ government-issued identifiers and personal, medical, financial, and insurance information.

While details leaked varied by individual, they included the customers’ names, addresses, dates of birth, Social Security Numbers, driver’s licenses or state-issued ID numbers, tax ID, passport numbers, medical, health insurance, and bank account information.

A data breach notification the insurance administrator filed with the Office of the Maine Attorney General says that the data breach impacted 806,519 people.

The company has notified impacted customers out of an abundance of caution and offered 12 months of identity theft protection services through IDX.

The insurance administrator also advised victims to remain vigilant for potential phishing attacks by monitoring their financial statements and credit reports and notifying their financial institutions of suspicious activity.

Meanwhile, the insurance administrator has restored the impacted systems, notified law enforcement authorities, and implemented additional security measures to protect its infrastructure from similar incidents in the future.

So far, no threat actor has taken responsibility for the Landmark data breach and the insurance administrator has not confirmed receiving ransom demands.

Third party insurance administrators targeted

Third-party administrators are a lucrative target for cybercriminals due to the vast amount of sensitive personal information they collect from various clients.

In December 2023, WebTPA Employer Service, a Texas-based subsidiary of GuideWell Mutual Holding Corporation, suffered a data breach impacting 2.4 million beneficiaries.

Similarly, a Draper, Utah-based insurance administrator HealthEquity also learned of a third-party data breach impacting 4.3 million individuals in March 2024.

Hackers also directly target health insurance companies to steal personal, insurance, health, and financial data for extortion and identity theft. In February 2024, UnitedHealth subsidiary Change Healthcare suffered a data breach that impacted nearly a third of Americans.