Landmark Data Breach

You can take necessary cybersecurity countermeasures for your system but will that be enough?

Of course not. Quite many organizations overlook the security of their third-party service providers, which can lead to significant financial and reputational damage.

"Landmark, a Texas-based third-party insurance administrator, has disclosed a data breach that affects more than 800,000 individuals. The incident was detected in May; the compromised data include names, Social Security numbers, tax ID numbers, drivers’ license and state-issued identification card numbers, passport numbers, bank account and routing numbers, medical information, health insurance policy information, dates of birth, and/or life and annuity policy information..." (OMG! What else?)

See the link below for the summary of the breach:

https://bit.ly/3NQ28bP

https://bit.ly/3NJaEtj

"The Texas-based company works as a third-party administrator for insurance carriers like Liberty Bankers Insurance Group (LBIG), which includes American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company, and Capitol Life Insurance Company."

"The breach notification letters note that the first incident occurred on May 13, when an IT team discovered “suspicious activity” that required them to disconnect the affected systems and hire a third-party cybersecurity firm. 

An investigation revealed that “there was unauthorized access to Landmark’s network and data was encrypted and exfiltrated from its system.” The hackers were in Landmark’s systems from May 13 to June 17." (The hackers were in the system for more than one month.)

"Landmark told regulators in Maine that 806,519 people were affected in total but they also filed documents in California and Texas, warning that about 68,000 Texans were impacted.

Insurance companies and their partners or subsidiaries are frequent targets for cyberattacks eager to steal volumes of sensitive health-related data. Last week, insurance firm Globe Life told the U.S. Securities and Exchange Commission that is being extorted by hackers after data on more than 5,000 people was stolen from a subsidiary."

American Water Works Cyber Attack

Cyber security on critical infrastructure are really critical but you need to understand it before you get hit by a cyber attack. Understand this before you are left without electricity or water. Take the cyber threats seriously and take countermeasures against cyber threats before it's too late.

American Water Works, a major water utility, was recently targeted by a cyber attack, they announced via a statement. While the company reported that its water and wastewater facilities were not directly affected, the incident underscores the vulnerability of critical infrastructure to cyber threats. A successful cyber attack on a critical infrastructure provider could have severe consequences, including disruptions in essential services and potential public health risks. Investing in robust cybersecurity measures is essential to protect critical infrastructure and ensure the continued delivery of essential services.

https://bit.ly/4eNgl50

"The company’s MyWater account system is currently down, according to a notice on the company website, and all appointments set up by customers will be rescheduled. Additionally, all billing has been paused until further notice as they try to bring systems back online — there will be no late charges or service shut offs while systems are down."

"American Water Works provides drinking water, wastewater and other related services to an estimated 14 million people in 14 states as well as 18 military installations. From its regulated businesses, the company reported a net income of $971 million for 2023."

"American Water Works did not respond to requests for comment about whether they are dealing with a ransomware attack or if a ransom has been issued."

The EPA (U.S. Environmental Protection Agency) said in May (2024) that in recent inspections, over 70% of water systems examined do not fully comply with the Safe Drinking Water Act and some 'have critical cybersecurity vulnerabilities, such as default passwords that have not been updated and single logins that can easily be compromised.'”