Landmark Admin, a provider of administrative services to numerous prominent insurance carriers in the United States, has recently disclosed that a cyberattack in May 2024 compromised the personal information of more than 800,000 individuals.
The Breach: What Happened?
Landmark Admin collaborates with several prominent insurance providers in the United States, including American Monumental Life Insurance Company, Pellerin Life Insurance Company, and American Benefit Life Insurance Company. As a result of these collaborations, millions of policyholders have entrusted their personal data to Landmark’s systems.
In May 2024, unauthorized access to Landmark’s network was achieved by hackers. A report submitted to the Maine Attorney General’s office indicated that Landmark identified unusual activity on May 13, 2024. In response to this detection, the company took immediate action by disconnecting the affected systems and restricting remote access to its network.
Despite these precautionary measures and the engagement of a third-party cybersecurity firm to investigate and fortify the system, hackers successfully infiltrated Landmark’s defenses once more on June 17, 2024.
The subsequent investigation disclosed that not only was the data encrypted by the attackers, but it was also exfiltrated. The compromised data encompasses highly sensitive information, including names, Social Security numbers, driver’s license numbers, passport numbers, tax identification numbers, banking information, medical records, health insurance policy numbers, as well as details pertaining to life and annuity policies.
The Impact: What’s at Risk?
This data breach raises significant concerns due to the sensitive nature of the information that has been compromised. The exposure of Social Security numbers and other personal identifiers, such as driver’s licenses and passport numbers, presents a substantial risk for identity theft and large-scale fraud. Additionally, the inclusion of bank account details and health insurance information heightens the likelihood of financial crimes and fraudulent claims.
The insurance sector has historically been a prime target for cyberattacks, given the extensive personal data it manages. However, this particular incident is noteworthy not only for its extensive reach—affecting more than 800,000 individuals—but also because the attackers managed to infiltrate Landmark’s systems again, despite the implementation of initial security measures.
What Is Landmark Doing About It?
In light of this incident, Landmark Admin is providing complimentary identity theft protection services to all individuals impacted. The company has initiated the process of informing those whose personal information might have been compromised through first-class mail. Notifications are being dispatched in phases as potentially affected individuals are identified. A redacted version of the notification letter is available at ClassAction.org.
Additionally, Landmark Admin has adopted more robust data encryption protocols and other IT security improvements to avert future breaches. These enhancements encompass the upgrading of encryption techniques and the fortification of overall network security to ensure that sensitive information is safeguarded more effectively in the future.
The Bigger Picture: A Growing Trend
This event represents merely one of numerous significant data breaches that have impacted a variety of sectors in recent years. Industries ranging from healthcare to government contractors, and now insurance administrators such as Landmark Admin, appear to be vulnerable to cyber threats.
As reported in IBM’s Cost of a Data Breach Report 2023, the average expense associated with a data breach has surged to a record $4.45 million per incident. In 2024, this amount increased by ten percent to $4.88 million, a figure that does not take into consideration the enduring reputational harm or the erosion of consumer trust.
