- American Income Life would have lost sensitive data out of 150,000 people in a cyber attack
- Pirates have published online stolen insurance files, including names, contacts and police details
- The free data version can trigger identity theft, phishing and general insurance fraud
American Insurance Company American Income Life (AIL) apparently underwent a data violation in which he has lost sensitive data on around 150,000 people.
Earlier this week, a threat player published a new thread on a popular hacking forum, claiming to have violated the company’s website and stolen, among other things, unique recording identifiers, names, telephone numbers, addresses, e-mail addresses, birth, sex dates and various information on people’s insurance, such as police status or insurance plan names.
The thread was spotted by cybersecurity researchers from Cyberness Who, after having analyzed a sample, said that the data – for the most part – check – although it is old and obsolete could not be determined.
Abuse stolen information
It seems that the attacker offers data for free. Usually, the pirates sold him to his peers, who would use it later to launch their own attacks. Sharing it without compensation could considerably increase the number of follow -up attacks.
There are several ways in which stolen data can be used. Personally identifiable information such as names, birth dates, addresses and contact details can be used for an identity theft, allowing criminals to open fraudulent accounts or request loans in the names of the victims.
Insurance data, including police status and plan names, can allow targeted phishing attacks, where fraudsters have used the company to encourage customers to reveal more sensitive information or to make unauthorized payments.
With enough details, the attackers could also engage in medical fraud or insurance by subjecting false complaints or by accessing health services under the name of someone else.
Finally, if saved IDs and structured data have been exposed, this also increases the risk of automated operating, especially if stolen files can be combined with other data sets.
We have contacted American Institute Life and update this article if we hear.
