Landmark Admin, a Texas-based third-party administrator for several insurance firms, has revealed a severe data breach affecting over 800,000 individuals. The, breach which occurred in May 2024, exposed sensitive information from clients and policyholders across the insurance industry.
What Happened?
Landmark provides back-office support for various insurance providers, including claims processing and policy administration. In May, during a security check, Landmark discovered suspicious activity on its network, causing them to disconnect systems and bring in a cybersecurity firm. Despite these actions, attackers regained access in June.
This breach may impact carriers working with Landmark such as:
- Liberty Bankers Life Insurance
- American Monumental Life Insurance
- American Benefit Life Insurance Company
- Capitol Life Insurance Company
- Pellerin Life Insurance Company
- Continental Mutual Insurance,
- Among others
Landmark confirmed that hackers not only accessed but also copied sensitive data, which may be shared or sold on the dark web. On October 23, notifications began to reach affected individuals, urging them to take steps to protect themselves from fraud.
This breach comes on the heels of Globe Life Insurance’s data breach a few days ago, and CBIZ Benefits & Insurance Services breach in September.
What Data Was Affected?
According to Landmark’s filings with state regulators, the data stolen may include:
- Full names
- Addresses,
- Dates of birth
- Social Security numbers and tax identification numbers
- Driver’s licenses
- State-issued IDs
- Passport numbers
- Bank account details, including routing numbers
- Medical records
- Health insurance policy information
- Life and annuity policy details
- And more
With this data, hackers could commit identity theft, file fake tax returns, or target individuals with tailored phishing attacks. Landmark has advised affected individuals to monitor their accounts closely and is offering a year of free credit monitoring and identity protection.
What Independent Insurance Agencies Must Consider
For independent insurance agencies, this breach highlights the need for strong data security, especially with third-party administrators. Here are key takeaways for your agency:
- Due Diligence on Third-Party Providers: Ensure that any vendor handling sensitive customer data follows strict cybersecurity practices and has a clear incident response plan.
- Regular Cybersecurity Audits: Regularly audit third-party providers to verify they’re protecting data effectively. Add clauses in contracts requiring immediate notification if a breach occurs.
- Communication Plan: Have a proactive communication strategy to inform clients about data protection measures and what they should do if a breach affects them. This can build trust and reassure clients of your commitment to security.
- Risk Management Education: Provide ongoing training for staff on data security practices and how to spot potential threats, like phishing, that often follow breaches.
Essential Cybersecurity Protections Every Insurance Agency Should Have
- Multi-Factor Authentication (MFA): Use MFA across all systems to verify user identities and prevent unauthorized access.
- Data Encryption: Encrypt client data both in transit and at rest to secure it from unauthorized access.
- Employee Training: Train employees regularly to recognize phishing attempts, handle client data securely, and report suspicious activity.
- Endpoint Security: Install endpoint security solutions to protect devices from malware and other threats.
- Backup and Recovery Plan: Keep daily backups stored offsite to restore data in case of loss or a ransomware attack.
- Incident Response Plan: Maintain and update an incident response plan to contain and reduce the impact of breaches swiftly.
These repeated data breaches are a warning for insurance agencies: cybersecurity is essential to protect your agency and clients. Many agencies think, “It won’t happen to us,” but when it does, the fallout can be severe, with lost client trust, legal trouble, and costly financial setbacks. Ignoring these risks won’t make them go away—taking proactive steps will. Today, cybersecurity isn’t optional; it’s a necessity for business survival.
Walter Contreras
Walter Contreras has over 25 years of experience in information technology, including cybersecurity, with a focus on the Insurance Industry. As both a computer scientist and a graduate of the Columbia University Business School’s Executive MBA program, Walter understands how the world’s digital transformation is impacting small and medium businesses. His mission is to deploy information technology to protect and empower entrepreneurs.
