Cyber Security Solutions, Compliance, and Consulting Services - IT Security

We offer It security management, data, network, & Information security services for protecting information & mitigating security risks to your organization.

US insurance company has customer data leaked on a forum

People trust insurance companies to be there when they need them most. They’re trusted with sensitive information and data and the users think they will be safe from anything that life throws at them. Well, turns out, not all Insurance companies are trustworthy, even if they seem like they are. 500 GBs worth of customer data was recently found on a Russian hacking site.

Important details about the leak

The company that had the information leaked was USG Insurance Services. They are a national wholesale broker and managing general agent, a company that should be able to keep customer data safe, but failed to do so. 

The leak happened in two parts, the first one on October 27, 2020 and the second one on November 4, 2020. It seems that the first leak happened and the hackers held the second part for ransom, when the company didn’t pay up, they leaked the rest of the data as well.

The leak was around 500 GBs in total, in the entire thing, there were around 5.2 million individual files. Which is a lot! In these files, there’s everything the company had access to. This doesn’t just mean the information about customers accounts in the company, it’s far beyond that. 

In the leaks that are already circulating online, you can see everything. People’s names, addresses, social security numbers of themselves and their spouses, their phone numbers, copies of their driver’s licenses and for a lot of the people, even their account balances. 

What makes this so dangerous is that although you can change your account passwords and even move to a different location, changing your social security number isn’t an easy feat. This leaves the victims of this leak vulnerable for life!

With the entire database uploaded onto the web, not only did the specific forum it was on have access to it, but everyone else did too. Anyone who wanted access to the data could have easily visited the forum and downloaded whichever part they wanted. So there’s no real measure of how far the data might have travelled by now.

Impacts of the leak

Since this leak contained everything one would need to prove their identity, it leaves the victims vulnerable to a series of things. The biggest one being identity theft. A hacker can take all of the information and apply for loans or credit cards, collect their tax returns, benefits and salaries. Use their health insurance, apply for houses and phone numbers and even commit crimes that would end up with the victim having a criminal record, which isn’t quick or easy to get rectified. 

If the hackers don’t want to use this information themselves, they can even list them on the black market and sell it there to people that want access to multiple identities, leaving what they want to do with them, to them. 

What should be the next steps?

In the 500 GB database, each file was around 200 KB in size. If the entire database has similarity sized files, the leak would have affected over 5.2 million files. If you are a current or former customer of  USG Insurance Services, it is highly likely that your data has been leaked. In order to protect yourself going forward,

  1. Watch out for anything suspicious in your accounts by setting up identity theft monitoring.
  2. Read all the emails you receive properly to make sure you don’t end up falling for a phishing attempt.