- Landmark Admin suffered a ransomware attack in May 2024
- It was initially believed around 800,000 people were affected
- New investigation determined more than 1.6 million victims
More than 1.6 million people are now thought to have been affected by the May 2024 cyberattack at Landmark Admin, twice as many as originally thought.
The company confirmed the news in an updated report filed with the Office of the Maine Attorney General.
“The forensic investigation determined that data was encrypted and exfiltrated from Landmark’s system,” the company said. “However, there was insufficient evidence available to identify which files had been compromised. The unauthorized activity occurred between May 13, 2024, and June 17, 2024.”
Ransomware attacks
Landmark Admin is a third-party administrator (TPA) specializing in administrative support services for life insurance and annuity companies.
In late October 2024, the company reported suffering a serious ransomware attack in which threat actors also stole sensitive customer data, with the attack allegedly the work of a ransomware operator called Abyss.
Following the breach, Landmark Admin shut down its IT systems and remote access to its network to contain the effects, and brought in third-party security experts, who found the personal information of 806,519 people had been stolen.
In a data breach notification letter sent to affected customers, Landmark Admin said that the information stolen included people’s full names, addresses, Social Security numbers, tax identification numbers, driver’s license numbers, state-issued ID card numbers, passport numbers, financial account numbers, medical information, dates of birth, health insurance policy numbers, and life annuity policy information.
The information stolen varied from individual to individual, and since the information stolen is highly sensitive, users were advised to be extra vigilant for potential phishing attacks, social engineering, or possible wire fraud.
At the time of the breach, Landmark offered credit monitoring and identity theft protection services through IDX, including 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services.
Via BleepingComputer
You might also like
- Nearly a million users affected by Landmark data breach
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
