
Security researchers at SafetyDetectives have identified a massive trove of data belonging to American National Insurance Company not long after threat actors claimed that they stole data from the company by exploiting vulnerabilities in the MOVEit file transfer software.
In May 2023, American National Insurance Company, one of the largest insurance providers in the U.S., said that it used Progress Software’s MOVEit app to transfer files securely and was caught up in the data security incident involving the vendor, which affected hundreds of organisations globally.
In a filing with the Office of the Attorney General of Massachusetts, the insurance company said that “on May 31, 2023, Progress Software Corporation announced a previously unknown vulnerability affecting its MOVEit Transfer application. Many organizations globally, including American National, were affected by this vulnerability because of the widespread use of MOVEit for various business purposes.”
“American National’s investigation revealed that an unauthorised third-party gained access to certain American National MOVEit systems on May 28, 2023. On that day, the unauthorised third-party acquired files that contained personal information belonging to American National’s customers,” the insurance company added. The compromised data included names, social security numbers, dates of birth, and addresses.
Recently, researchers at cyber security company SafetyDetectives came across a dark web forum post in which a threat actor shared a link to a database allegedly belonging to American National Insurance Company. The threat actor claimed that the database contained 279,332 lines of sensitive data on customers and some employees.
According to the threat actor’s post, the stolen database included a 90MB .CSV file that stored sensitive personal data. The compromised data included account IDs, email addresses, names, dates of birth, age, gender, marital status and more. For employees, the compromised data included years in force, agent names, agent emails, MLGA/RGA names, MLGA/RGA emails and more.
“Even though the full data the author claims to have was shared behind a paywall, the author posted a small sample accessible to anyone with an internet connection, which our research team was able to review and could confirm its authenticity,” reads SafetyDetectives’ post.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543