800,000 people just had their full names, SSNs and more exposed in massive insurance admin company data breach

Staying safe from hackers is hard enough as it is, but even if you take all the necessary precautions, your personal data could still end up exposed online as the result of a data breach. That’s exactly what just happened to more than 800,000 people.

As reported by BleepingComputer, the insurance administrative services company Landmark Admin has revealed that it suffered a data breach following a cyberattack that occurred back in May of this year. While you likely haven’t heard of this company before, there’s a chance it could have access to your sensitive personal information.

Landmark Admin is a third-party administrator for a number of insurance companies and it provides back-office services for them such as new business processing and claims administration. In fact, some of the insurance companies it works with include American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company and the Capitol Life Insurance Company.

If any of the companies listed above happen to be your insurance company, then there’s a chance you may receive a data breach notification letter in the mail, if you haven’t already. Here’s everything you need to know about this latest data breach and what steps you should take next if your personal data was exposed online.

From cyberattack to data breach

We know about this data breach because Landmark Admin had to submit extensive details on what happened in a filing with the Maine Attorney General’s office. Similar filings from other companies are one of the ways in which we often learn more about data breaches.

In this particular filing, Landmark Admin explained that it first detected suspicious activity on its network back on May 13. To prevent this cyberattack from spreading further, the company shut down its IT systems and disabled remote access to its network.

From there, Landmark Admin worked with a third-party cybersecurity firm to investigate this incident and see whether or not any data was stolen during the attack. As it turns out, the company and the cybersecurity firm found evidence that the hackers behind the attack accessed files on the network that contained the sensitive personal information of approximately 806,519 people.

In the data breach notification sent out to affected individuals, Landmark Admin explained that the following information may have been accessed by hackers:

  • First name/initial and last name
  • Date of birth
  • Addresses
  • Social Security numbers
  • Tax identification numbers
  • Driver’s license numbers
  • Passport numbers
  • Health insurance policy number
  • Medical information

It’s worth noting though that the amount of exposed information “varies for each potentially impacted individual” according to Landmark Admin. This means that while one victim might have had their name and address exposed, another could have had their SSN and medical information exposed.

How to stay safe after a data breach

So what should you do if your insurance company used Landmark Admin’s services and your personal data was exposed as a result of this breach? For starters, you should check your mailbox to see if you received a data breach notification letter in the mail.

In case you’re wondering what this kind of notice would look like, there’s a sample copy included as a PDF in Landmark Admin’s filing with the Maine Attorney General’s office linked further up in this story. This letter has even more details on the incident and what the company did in its aftermath to protect its systems and the customer data stored on them.

While some companies fail to offer additional protection to affected customers (or, in this case, impacted individuals), Landmark Admin is providing 12 months of free access to one of the best identity theft protection services through IDX. While we haven’t reviewed this particular service yet, IDX has been in business for 20 years, serves over 40 million customers and is used by Fortune 500 companies as well as the U.S. federal government.

If your identity happens to be stolen as a result of this data breach, IDX provides up to $1 million in identity theft insurance. These funds can be used to help get new documents, recover any lost wages or other damages and to hire legal counsel if necessary. Affected individuals will have access to credit monitoring services for a year as well.

For those who may be overly worried, and rightfully so after a data breach like this one, there are a number of different online data leak checkers you can use to see if your personal and financial information has ended up on the dark web. While Troy Hunt’s Have I Been Pwned is one of the oldest and most widely known, Surfshark recently launched its own data leak checker. However, as the number of data breaches has shot up in recent years, it’s likely you might find out that your data was exposed in a different incident. This is why the letter from Landmark Admin is the best way to know if your personal information was part of this particular data breach.

From here, you’re going to want to monitor all of your online accounts to look for anything unusual or suspicious. If the hackers behind this breach have your SSN, they could try to open new financial accounts, apply for a loan or even get a job or visit the doctor using your information. Likewise, if a cybercriminal commits crimes using your SSN, those crimes end up on your criminal record.

If a year's subscription to credit and identity theft monitoring isn't enough for you, Murphy Law Firm has begun investigating claims on behalf of affected individuals. In fact, the law firm is currently putting together a class action lawsuit and you can join it here.

Data breaches like the one detailed above are becoming all too common but at least this time, Landmark Admin did the right thing by providing affected individuals with identity theft and credit monitoring. As for the data breach itself, the company and law enforcement are still investigating and we could learn more about it in the future.

Anthony Spadafora
Managing Editor Security and Home Office


  • Fox Tread3
    October 25, 2024 - At least Landmark Admin seems to have done a lot more than many businesses normally do for people whose information has been accessed by criminals. Said companies take a very cavalier attitude that basically says, "Sorry about that," and offer vapid information about how to contact credit agencies, and advise that victims keep a close eye on their accounts etc. I think that businesses are allowed to demand too much personal and financial information about the people they serve. Further, all important information should be isolated (siloed) in a way that very stringent security steps have to be taken to access that information. Lastly, it is common for businesses to demand that people provide their Social Security numbers as part of their being approved for accounts etc. It has been stated by the U.S. Government that Social Security numbers should not be used for that purpose, and yet businesses are allowed to demand that information. It is time that State and Federal governments start to create laws that will put a limit on the information that businesses can demand from the public.