- American Income Life reportedly lost sensitive data on 150,000 people in a cyberattack
- Hackers posted stolen insurance records online, including names, contacts, and policy details
- Free data release may trigger widespread identity theft, phishing, and insurance fraud
American insurance company American Income Life (AIL) has apparently suffered a data breach in which it lost sensitive data on roughly 150,000 people.
Earlier this week, a threat actor posted a new thread on a popular hacking forum, claiming to have breached the company’s website and stolen, among other things, unique record IDs, names, phone numbers, addresses, email addresses, dates of birth, gender, and various information about people’s insurance, such as policy status or insurance plan names.
The thread was spotted by cybersecurity researchers from Cybernews who, after analyzing a sample, said the data - for the most part - checks out - although whether or not it is old and outdated could not be determined.
Abusing the stolen information
It seems that the attacker is offering the data for free. Usually, hackers would sell it to its peers, who would later use it to launch attacks of their own. Sharing it with no compensation could increase the number of follow-up attacks, significantly.
There are several ways in which the stolen data can be exploited. Personally identifiable information such as names, birth dates, addresses, and contact details can be used for identity theft, allowing criminals to open fraudulent accounts or apply for loans in victims’ names.
Insurance-related data, including policy status and plan names, may enable targeted phishing attacks, where fraudsters impersonate the company to trick customers into revealing more sensitive information or making unauthorized payments.
With enough details, attackers could also engage in medical or insurance fraud by submitting false claims or accessing healthcare services under someone else’s name.
Finally, if record IDs and structured data were exposed, this also increases the risk of automated exploitation, especially if the stolen files can be combined with other datasets.
We have reached out to American Income Life and will update this article if we hear back.
You might also like
- TransUnion data breach may have affected 4.4 million users - here's what we know, and how to stay safe
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
