Insurance firm AIL allegedly hit in cyberattack - hackers claim info on over 150,000 users stolen, here's what we know


  • American Income Life reportedly lost sensitive data on 150,000 people in a cyberattack
  • Hackers posted stolen insurance records online, including names, contacts, and policy details
  • Free data release may trigger widespread identity theft, phishing, and insurance fraud

American insurance company American Income Life (AIL) has apparently suffered a data breach in which it lost sensitive data on roughly 150,000 people.

Earlier this week, a threat actor posted a new thread on a popular hacking forum, claiming to have breached the company’s website and stolen, among other things, unique record IDs, names, phone numbers, addresses, email addresses, dates of birth, gender, and various information about people’s insurance, such as policy status or insurance plan names.

The thread was spotted by cybersecurity researchers from Cybernews who, after analyzing a sample, said the data checks out for the most part, although they could not determine whether it is old and outdated.

Abusing the stolen information

It seems that the attacker is offering the data for free. Usually, hackers would sell it to their peers, who would later use it to launch attacks of their own. Sharing it with no compensation could significantly increase the number of follow-up attacks.

There are several ways in which the stolen data can be exploited. Personally identifiable information such as names, birth dates, addresses, and contact details can be used for identity theft, allowing criminals to open fraudulent accounts or apply for loans in victims’ names.

Insurance-related data, including policy status and plan names, may enable targeted phishing attacks, where fraudsters impersonate the company to trick customers into revealing more sensitive information or making unauthorized payments.

With enough details, attackers could also engage in medical or insurance fraud by submitting false claims or accessing healthcare services under someone else’s name.

Finally, if record IDs and structured data were exposed, this also increases the risk of automated exploitation, especially if the stolen files can be combined with other datasets.

We have reached out to American Income Life and will update this article if we hear back.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
