Failure to adequately secure network according to FTC guidelines enabled cyberattack that exposed personal and health information of 806,000 customers.

A recently filed class action lawsuit alleges that third party insurance administrator Landmark Admin, failed to properly protect the personal, financial, and health information of 806,000 individuals from hackers during a month-long data breach.

About Landmark Admin

Landmark Admin offers third-party administration services for life insurance and annuity companies, including Liberty Bankers Insurance Group headquartered in Dallas. Liberty Bankers Insurance Group includes American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company, and Capitol Life Insurance Company.

What Happened?

According to the Supplemental Notice of Data Breach posted on the Attorney General of Maine’s website, on or about May 13, 2024, Landmark discovered unusual activity on its system. Upon discovering this incident Landmark immediately disconnected the affected systems and remote access to the network. Landmark also promptly engaged a specialized third-party cybersecurity firm to assist with securing the environment and to conduct a comprehensive forensic investigation to determine the nature and scope of the incident.

While the forensic investigation was underway, the unauthorized actor re-gained access to Landmark’s environment on June 17, 2024. The third-party cybersecurity firm again assisted with securing the environment while it also continued to conduct its forensic investigation.

The forensic investigation concluded on or about July 24, 2024. The forensic investigation determined that data was encrypted and exfiltrated from Landmark’s system, however, there was insufficient evidence available to identify which files had been compromised. The unauthorized activity occurred between May 13, 2024, and June 17, 2024.

Based on these findings, Landmark began reviewing the affected systems to identify the individuals potentially affected by this incident and the types of information that may have been compromised. This process remains ongoing. In abundance of caution, Landmark is notifying all individuals whose private information may have been contained in its systems at the time of the incident. Individual notice letters will be mailed to these potentially affected individuals by U.S. first-class mail on a rolling basis as they are identified. The first wave of notification letters will be mailed on October 23-24, 2024. 

What Information Was Stolen?

Based on the investigation, the following information related to potentially impacted individuals may have been subject to unauthorized access:

• full name;
• address;
• Social Security number;
• tax identification number;
• drivers’ license number/state-issued identification card number;
• passport number;
• bank account and routing number;
• medical information;
• health insurance policy number;
• date of birth; and/or life and annuity policy information.

Note that the information above varies for each potentially impacted individual. The specific information which may have been impacted will be identified in each affected individuals’ notification letter.

What is Landmark Admin Doing To Protect My Identity?

Landmark hastaken additional technical and administrative steps to further enhance the security of its systems and customer data to mitigate the risk of future harm. Specifically, Landmark acquired servers and deployed after server hardening, deployed a new firewall with the latest firmware, obtained new external IP address assigned by a new Internet Service Provider, implemented new domain controllers with new account naming conventions and forced new passwords, enabled BitLocker on all hard drives, re-imaged all printers on the network, re-imaged all network switches and updated to the latest firmware, and re-imaged and updated all IoT devices with the latest firmware.

Landmark also provided additional security training for all staff members, restricted all points of access to its systems, engaged a managed service provider to supplement the existing strong security posture with additional monitoring and protection software, and requires multifactor authentication for all devices (for both user and administrator logins). Landmark also notified law enforcement of this incident and this notice has not been delayed due to any law enforcement investigation.

In response to this incident, Landmark is offering credit monitoring and identity theft protection services through IDX, A ZeroFox Company, the data breach and recovery services expert. IDX identity protection services include 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed id theft recovery services.

What Can Hackers Do With My Information?

Stolen PII and PHI can be used to commit identity theft, open new credit accounts, make unauthorized purchases or obtain loans. Cybercriminals have recently targeted America’s essential industries and in so doing have forced millions of Americans to face the fallout from these attacks.

Leaked or stolen data can be sold on the dark web forums and may be used for fraud and medical identity theft, a type of fraud, where threat actors use stolen information to submit forged claims to insurers.

Clients affected by the breach are exposed to a heightened and imminent risk of fraud and identity theft. They must now and in the future closely monitor their financial accounts to guard against identity theft and fraud.

If you receive a data breach notification from Landmark Admin it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options at no cost to you. For more information, please review these recommendations.

Protect Your Identity. Join the Landmark Admin Data Breach Class Action.

The lawsuit alleges that Landmark Admin breached its duties under common law and the Federal Trade Commission Act to implement reasonable security measures, comply with industry standards and federal data-security regulations, encrypt sensitive data, and provide adequate and timely notice of the breach.

If you receive a notification letter from Landmark Admin, you are at permanent risk of identity theft and the devastating financial and legal consequences that go along with it.

You may be eligible to participate in a class action lawsuit to recover compensation for loss of privacy, time spent dealing with the breach, out-of-pocket costs, and more.

The lawsuit looks to cover anyone in the USA whose private information was compromised by the breach announced by Landmark Admin on October 23rd, 2024.

Please complete the below form shown on this page and a data breach attorney will contact you. There is no cost to you.

Tags: cyber attack   data breach   Data Privacy   Identity Theft   personal health information   Personal Identifying Information