Landmark Admin data breach exposes personal information of 800,000
Kirsten Peremore Nov 1, 2024 5:29:40 PM
In May 2024, hackers breached Landmark Admin’s network, encrypting systems and stealing sensitive information from over 800,000 people.
What happened
In May 2024, Landmark, a Texas-based third-party administrator for several large insurance companies, experienced a data breach impacting more than 800,000 people. On May 13, Landmark’s IT team discovered “suspicious activity” in their systems, prompting them to disconnect the affected systems and hire a third-party cybersecurity firm. An investigation revealed that hackers had gained unauthorized access to Landmark’s network, encrypting and extracting data that included names, Social Security numbers, and tax identification numbers.
Although Landmark initially secured its systems, hackers regained access on June 17, forcing the cybersecurity team to resecure the environment while continuing their forensic investigation. Landmark provides services for insurance carriers like Liberty Bankers Insurance Group (LBIG) and its subsidiaries and began notifying impacted individuals in October 2024.
What was said
In the sample notice of data breach, Landmark provides, “On or about May 13, 2024, Landmark detected suspicious activity on its system. Upon discovery of this incident, Landmark immediately disconnected the affected systems and remote access to the network and promptly engaged a specialized third-party cybersecurity firm and IT personnel to assist with securing the environment, as well as to conduct a comprehensive forensic investigation to determine the nature and scope of the incident. The forensic investigation concluded on or about July 24, 2024, and determined that there was unauthorized access to Landmark’s network and data was encrypted and exfiltrated from its system. The unauthorized activity occurred from May 13, 2024 to June 17, 2024.”
Why it matters
The combination of encrypting and exfiltrating data is a hallmark of double extortion ransomware, where attackers threaten to leak the stolen data if a ransom is not paid. For healthcare organizations, avoiding these types of breaches involves proactive security measures like access controls and regular employee cybersecurity training. Security services that provide consistent, round-the-clock monitoring are also a beneficial addition for avoiding threats like the one experienced.
FAQs
What is HIPAA?
A law protecting the privacy and security of patients' medical information.
What is a cyberattack?
An attempt to steal, damage, or disrupt data or systems on a computer or network.