Nearly a million users affected by Landmark data breach

An abstract image of a lock against a digital background, denoting cybersecurity.

(Image Credit: TheDigitalArtist / Pixabay) (Image credit: Pixabay)

Landmark Admin, a third-party administrator (TPA) specializing in administrative support services for life insurance and annuity companies, has confirmed suffering a serious ransomware attack recently.

The company revealed the news in a filing with the Maine Office of the Attorney General, in which it said that people’s data was stolen in an attack which took place in mid-May 2024.

Following the breach, Landmark Admin shut down its IT systems and remote access to its network to contain the effects, and brought in third-party security experts, who found the personal information of 806,519 people had been stolen.

Identity theft

“The forensic investigation determined that data was encrypted and exfiltrated from Landmark’s system,” the company said. “However, there was insufficient evidence available to identify which files had been compromised. The unauthorized activity occurred between May 13, 2024, and June 17, 2024.”

When the investigation concluded, the company understood that the information grabbed by the hackers included first name/initial and last name; address; Social Security number; tax identification number; driver's license number/state-issued identification card; passport number; financial account number; medical information; date of birth; health insurance policy number; and life and annuity policy information.

"Please note that the information above varies for each potentially impacted individual. Affected individuals will be notified by mail of information that was impacted,” Landmark said.

So far, no threat actors assumed responsibility for the attack, so we don’t know if there were any ransom demands.

Since the information stolen is highly sensitive, users are advised to be extra vigilant for potential phishing attacks, social engineering, or possible wire fraud. Landmark is offering credit monitoring and identity theft protection services through IDX, which include 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed id theft recovery services.

Via BleepingComputer

More from TechRadar Pro

Ransomware attacks are soaring to a new high
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.