- Security researchers find a new ad for the sale of a stolen database
- The database belongs to the American National Insurance Company and was stolen for the first time in 2023
- It contains information belonging to thousands of customers and employees
Sensitive information belonging to thousands of customers and employees of the American National Insurance Company is sold online after being initially stolen years ago, experts said.
American National Insurance Company (Anico) is an organization of financial services offering a wide range of insurance and financial products, including life insurance, health insurance, property insurance and losses, annuities and Retirement services.
In 2023, the company underwent a cyber attack and lost data sensitive to customers and employees. Now, almost two years later, stolen information seems to surface.
Lots of sensitive information
The team at Security detectors I discovered the announcement of the sale on a hacking forum, noting that the seller offered a 90 MB CSV file, which, judging by a shared screenshot, seems to have been published on BreachForums, One of the most popular hacking communities.
The seller claims that the file contains 279,332 customer and employee data lines. They also shared a small sample to prove their claims.
The data contain the identification numbers of the customer account, the status, the email addresses, the complete names, the dates of birth, age, sex, matrimonial state, generation, occupation, Telephone numbers, language, postal address, the amount of the inforce bonus, the amount of the inforce premium and the type of policy type.
Employees have also lost information on their years of force, agent names, agent emails, MLGA / RGA names and MLGA / RGA emails.
“This report published by lawyers for the Console & Associate data violation, PC surveying the 2023 data violation says that social security numbers, information on financial accounts and medical information has also been exposed,” declared the researchers.
“However, our cybersecurity team cannot verify whether the data shared in this forum message include such sensitive information or is linked to the reported violation, because the author does not specify the exact source of the data beyond mentioning His presence on the Dark web. “
