Landmark Admin Data Breach Exposes Data of Over 1.6 Million Users

Landmark Admin, LLC (“Landmark”), a third-party administrator for life insurance carriers, has reported a significant data security incident that may have exposed sensitive personal information of producers, insured individuals, policy owners, and beneficiaries.

The breach, detected in mid-May 2024, has prompted a comprehensive response to secure systems and notify potentially affected individuals.

Timeline and Discovery of the Incident

On or about May 13, 2024, Landmark detected suspicious activity within its IT infrastructure.

By May 14, it was confirmed that an unauthorized third party had attempted to access the company’s network.

In response, Landmark immediately disconnected affected systems and disabled remote access to prevent further intrusion.

The company then engaged a specialized third-party cybersecurity firm and IT professionals to conduct a forensic investigation, aiming to determine the nature and scope of the incident.

Nature of the Compromised Data

The ongoing investigation has revealed that some files on Landmark’s network may have been accessed by unauthorized parties.

The types of information potentially exposed include:

• First name/initial and last name
• Physical address
• Social Security number (SSN)
• Tax identification number (TIN)
• Driver’s license number or state-issued identification card
• Passport number
• Financial account number
• Medical information
• Date of birth
• Health insurance policy number
• Life and annuity policy information

It is important to note that the specific data compromised varies by individual.

Landmark has committed to notifying affected persons by mail as the review process identifies whose information was impacted.

Technical Terms and Incident Response

The attack involved unauthorized network access, a common vector in cybersecurity breaches.

Landmark’s response included:

• System Disconnection: Immediate isolation of affected systems to contain the breach.
• Remote Access Disablement: Preventing further unauthorized entry by disabling remote network connections.
• Forensic Investigation: Engaging cybersecurity experts to analyze digital evidence, trace the intrusion path, and assess data exposure.
• Security Enhancement: Upgrading firewalls, intrusion detection systems (IDS), and multi-factor authentication (MFA) protocols to mitigate future risks.

Steps for Affected Individuals

Landmark urges individuals to remain vigilant against identity theft and fraud by:

• Regularly reviewing account statements and credit reports for suspicious activity.
• Notifying financial institutions and major credit bureaus of the breach.
• Considering the placement of a fraud alert or credit freeze on credit files.
• Following the recommended steps in the “Steps You Can Take to Help Protect Your Information” guide provided by Landmark.

A dedicated helpline (1-844-428-5109) is available for 90 days to address questions and provide assistance.

Risk Factor Table

Commitment to Data Security

Landmark’s President, Thomas A. Munson, emphasized the company’s commitment to data privacy and security, stating that Landmark “remains dedicated to ensuring the privacy and security of all information in our control.”

The company continues to enhance its cybersecurity posture and will provide updates as the investigation progresses.

Affected individuals are encouraged to remain alert and take proactive steps to protect their personal information.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates