Insurance administrator Landmark Admin is notifying over 800,000 individuals that their personal information was stolen in a ransomware attack earlier this year.
Landmark discovered the unauthorized access to its systems on May 13, and the attackers regained entry to its network on June 17, while the investigation into the incident was ongoing.
The threat actors exfiltrated and encrypted data, the company noted in a notification letter to the impacted individuals, a copy of which was posted on Landmark’s website.
Copies of the notification letter were also submitted to regulators in Maine, California, and Texas. A total of 806,519 people were affected, the company told the Maine Attorney General’s Office.
According to the insurance administrator, the potentially compromised information includes names, addresses, dates of birth, drivers’ license or state-issued ID numbers, passport numbers, Social Security numbers, medical and health insurance information, bank account and routing numbers and/or life and annuity policy information.
“In abundance of caution, Landmark is notifying all individuals whose private information may have been contained in its systems at the time of the incident. Individual notice letters will be mailed to these potentially affected individuals,” the company said.
Landmark said it has securely restored affected systems and has taken steps to improve its network security, and has notified law enforcement of the attack.
The company is providing the affected individuals with 12 months of free credit monitoring and identity theft protection services, as well as with additional guidance on how to protect themselves against identity theft and fraud.
Advertisement. Scroll to continue reading.
The insurance administrator has not shared information on the threat actor responsible for the attack and SecurityWeek has not seen a known ransomware group claiming responsibility for the incident.
Based in Texas, Landmark Admin provides back office administrative solutions for life and annuity companies, including Liberty Bankers Insurance Group (LBIG).
Related: Insurance Firm Johnson & Johnson Discloses Data Breach
Related: AMD Investigating Breach Claims After Hacker Offers to Sell Data
Related: Canada Credit Union Data Breach Bigger Than First Thought: Desjardins