Landmark Admin has updated the number of individuals affected by last year’s cyberattack to 1.6 mn, according to a data breach notice filed with the Maine Office of the Attorney General.
The company provides administrative services for life insurers and annuity providers. It experienced a cyberattack in mid-May, followed by a second breach during a forensic investigation in June.
Initially, Landmark reported that over 806,000 individuals were impacted. However, in recent filings with state attorney general offices, the company revised the figure to 1.6 mn.
In its April filings, Landmark stated that it worked “quickly and diligently” with external experts to investigate, respond to, and assess its system security.
The company outlined several actions taken to improve data protection and reduce the likelihood of future incidents.
These measures included acquiring new servers, applying server hardening protocols, installing a firewall with updated firmware, switching to a new internet service provider with a new external IP address, setting up new domain controllers with revised account naming conventions and enforced password changes, enabling BitLocker encryption on all hard drives, and reimaging all printers, network switches, and IoT devices with the latest firmware updates.
Landmark increased security training for staff, restricted system access points, added monitoring and protection software, and enforced multifactor authentication across all devices.
The company stated that the attacker may have accessed a range of sensitive data, including names, addresses, Social Security numbers, tax identification numbers, driver’s license or state-issued identification numbers, passport numbers, bank account and routing details, medical information, health insurance policy numbers, dates of birth, and life or annuity policy details.
In response, Landmark is offering identity theft protection and resolution services to policyholders of the affected life insurers.
The cyberattack was first identified on May 13 when an IT vendor detected unusual activity within the company’s systems.
A third-party cybersecurity firm later confirmed that an individual used valid credentials to access the VPN. Landmark reported that the system was breached again one month later.
The forensic investigation concluded that data had been encrypted and removed from Landmark’s system. However, there was not enough evidence to determine which specific files were compromised between May 13 and June 17.
Landmark also stated that there is no proof the exfiltrated data contained any personally identifiable information.