American National Insurance Company breach data found online

News
By
published

A hacker is offering the archives for sale

Security
(Image credit: Shutterstock) (Image credit: Shutterstock)
  • Security researchers find new ad for the sale of a stolen database
  • The database belongs to the American National Insurance Company, and was first stolen in 2023
  • It contains information belonging to thousands of customers and employees

Sensitive information belonging to thousands of customers and employees of the American National Insurance Company is being sold online after initially being stolen years ago, experts have claimed.

American National Insurance Company (ANICO) is a financial services organization providing a wide range of insurance and financial products, including life insurance, health insurance, property and casualty insurance, annuities, and pension plan services.

In 2023, the company suffered a cyberattack and lost sensitive customer and employee data. Now, almost two years later, the stolen information seems to be surfacing.

Plenty of sensitive information

The team at SafetyDetectives discovered the ad for the sale on a hacking forum, noting the seller was offering a 90MB CSV file, which, judging by a shared screenshot, seems to have been posted on BreachForums, one of the most popular hacking communities out there.

The seller claims the file contains 279,332 lines of sensitive customer and employee data. They also shared a small sample to prove their claims.

The data contains customer account ID numbers, status, email addresses, full names, birth dates, age, gender, marital status, generation, occupation, phone numbers, language, postal address, Inforce Premium amount, Inforce Premium amount annuity, and type of policy.

Employees have also lost information on their years in force, agent names, agent emails, MLGA/RGA names, and MLGA/RGA emails.

“This report issued by data breach lawyers at Console & Associates, P.C probing the 2023 data breach asserts that Social Security Numbers, financial account information and medical information was also exposed,” the researchers said.

“However, our cybersecurity team cannot verify if the data shared in this forum post includes such sensitive information or is linked to the reported breach as the author does not specify the exact source of the data beyond mentioning its presence on the dark web.”

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.