Over 1.6 million individuals impacted in large-scale Landmark Admin data breach

Brownwood, Texas-based insurance administrative services provider Landmark Admin said that the data security incident it suffered in May compromised the sensitive personal information of more than 1.6 million individuals.

 

Landmark Admin is a third-party administrator for insurance carriers, including Liberty Bankers Insurance Group which includes American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company, and Capitol Life Insurance Company.

 

In a filing with the Main Attorney General’s office, Landmark said that on May 13, its IT vendor detected suspicious activity in its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

The investigation revealed that “the root cause and initial unauthorised access to Landmark’s system had occurred on May 13, 2024 via the VPN using valid credentials. The forensic investigation was inconclusive as to how the credentials were compromised.

 

“On June 17, 2024, Landmark discovered the threat actor had re-entered its environment and exfiltrated data. The forensic investigation concluded on or about July 24, 2024. The investigation determined unauthorised access to Landmark’s network occurred from May 13, 2024 to June 17, 2024, and certain systems were encrypted and data had been exfiltrated after the threat actor re-entered its systems,” reads the notice.

 

The compromised data included names, dates of birth, addresses, Social Security numbers, tax identification numbers, drivers’ license numbers, state-issued identification card numbers, passport numbers, bank account and routing numbers, medical information, health insurance policy numbers, and life and annuity policy information.

 

Landmark Admin initially said in its filing with the Maine state regulator that at least 806,519 individuals were impacted by the incident, the company said in a recent filing that at least 1,613,773 people were impacted by the data security incident.

 

Landmark has urged all affected individuals to remain vigilant and monitor their credit reports and financial statements for any suspicious activities and to report suspicious activities to relevant law enforcement authorities and their banks. It has also offered one year of complimentary credit monitoring and identity theft protection services via IDX to all affected individuals.