- According to reports, American income life lost confidential data in 150,000 people in a cyber attack
- Computer pirates published online stolen insurance records, including names, contacts and details of the policy
- Free data release can trigger the theft of generalized identity, phishing and insurance fraud
American Insurance Company American Inome Life (AIL) has apparently suffered a data violation in which he lost confidential data about approximately 150,000 people.
Earlier this week, a threat actor published a new thread in a popular piracy forum, which claims to have violated the company’s website and stolen, among other things, unique registration identifications, names, telephone numbers, addresses, email addresses, birth dates, gender and various information about people’s insurance, such as the state of politics or the names of insurance plans.
The thread was seen by cybersecurity researchers of Cybernews Who, after analyzing a sample, said that the data, for the most part, are reviewed, although it cannot be determined if it is old and outdated.
Abusing stolen information
It seems that the attacker is offering the data for free. In general, the computer pirates sold it to their classmates, which would then use it to launch their own attacks. Sharing without compensation could increase the number of monitoring attacks, significantly.
There are several ways in which stolen data can be exploited. Personal identification information, such as names, birth dates, addresses and contact data, can be used for identity theft, allowing criminals to open fraudulent accounts or request loans from the names of the victims.
Insurance -related data, including the state of the policy and the names of the plans, can allow specific phishing attacks, where the scammers pass through the company to deceive customers to reveal more sensitive information or make unauthorized payments.
With enough details, the attackers could also participate in medical or insurance fraud presenting false claims or accessing medical care services under the name of another person.
Finally, if registration ID and structured data were exposed, this also increases the risk of automated exploitation, especially if stolen files can be combined with other data sets.
We have communicated with American Inome Life and we will update this article if we receive news.
