- Landmark Admin suffered a ransomware attack in May 2024
- Initially it was believed that around 800,000 people were affected
- A new investigation determined more than 1.6 million victims
Now it is believed that more than 1.6 million people were affected by the cyber attack of May 2024 in Landmark Admin, twice what was originally thought.
The company confirmed the news in an updated report presented to the Office of the Attorney General of Maine.
“Forensic investigation determined that the data were encrypted and exfiltrated from the Landmark system,” the company said. “However, there was no sufficient evidence available to identify which files had committed. The unauthorized activity occurred between May 13, 2024 and June 17, 2024.”
Ransomware attacks
Landmark Admin is a third -party administrator (TPA) specialized in administrative support services for life insurance companies and annuities.
At the end of October 2024, the company reported that it suffered a serious ransomware attack in which the threat actors also stole confidential client data, with the work supposedly the work of a ransomware operator called Abyss.
After the rape, Landmark Admin closed its IT systems and remote access to their network to contain the effects, and brought third -party security experts, who found that the personal information of 806,519 people had been stolen.
In a letter of breach of data sent to the affected customers, Landmark Admin said that the stolen information included the complete names of the people, the addresses, the social security numbers, the fiscal identification numbers, the driver’s license numbers, the identification card numbers issued by the state, the passport numbers, the financial numbers, the medical information, the medical information, the birth dates, the birth dates Health insurance and information policy of the life annuity policy.
The stolen information varied from individual to individual, and given that stolen information is highly sensitive, users were advised to be more attentive to possible phishing attacks, social engineering or possible cable fraud.
At the time of non -compliance, Landmark offered credit monitoring and identity robbery protection services through IDX, including 12 months of credit and cybersecurity monitoring, a $ 1,000,000 insurance reimbursement policy and ID ID robbery recovery services of $ 1,000,000 ID.
Through Bleepingcomputer
