Insurance administrative services company Landmark Admin warns that a data breach impacts over 800,000 people from a May cyberattack.

Landmark Admin is a third-party administrator for insurance companies, offering back-office services like new business processing and claims administration for large insurance carriers.

Some insurance carriers working with Landmark Admin include American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company, and Capitol Life Insurance Company. 

In a filing with the Main Attorney General’s office, Landmark says it detected suspicious activity on May 13th, 2024, causing the company to shut down IT systems and remote access to its network to prevent the spread of the attack.

Landmark engaged with a third-party cybersecurity company to remediate the incident and investigate whether data was stolen in the attack.

During this investigation, Landmark says it found evidence that the threat actor accessed some files during the attack that contained the personal information of 806,519 people.

“Based on the investigation, the following information related to potentially impacted individuals may have been subject to unauthorized access: first name/initial and last name; address; Social Security number; tax identification number; driver’s license number/state-issued identification card; passport number; financial account number; medical information; date of birth; health insurance policy number; and life and annuity policy information,” reads the Landmark data breach notification.

“Please note that the information above varies for each potentially impacted individual. Affected individuals will be notified by mail of information that was impacted.”

Landmark says the investigation is ongoing and will notify affected individuals if more information becomes available.

Due to the sensitive nature of the stolen data, impacted people should monitor their credit reports and bank accounts for suspicious activity.

At this time, no threat actors have claimed responsibility for the attack, so it is unknown if it was ransomware or a data theft attack.