A significant data breach has exposed sensitive information belonging to customers and employees of American National Insurance Company (ANICO), with over 270,000 lines of data being leaked. The information, which includes personal details like names, email addresses, phone numbers, dates of birth, and policy information, was discovered on a forum post on Breach Forums. The leak is believed to be connected to the 2023 MOVEit breach, which has already affected several other organizations. Although ANICO confirmed being impacted by a cyberattack involving MOVEit, the precise connection between the two incidents has not been confirmed.
The exposed data includes both customer and employee details, with customer information covering a wide range of personal data such as marital status, occupation, premium amounts, and policy types. Employee data found in the leak includes agent information and details about internal company roles.
The leak also raises concerns that additional sensitive information, such as Social Security numbers and financial data, may have been exposed, although this has not been explicitly confirmed in the available leak data.
The breach is believed to have been caused by a vulnerability within the MOVEit file transfer software, which the Cl0p ransomware group exploited. This group has previously been linked to attacks using the same vulnerability. ANICO, based in Galveston, Texas, confirmed that they had been affected by the attack, but did not confirm whether the leaked data specifically came from the MOVEit breach. Data experts suggest that the company’s filing with the Texas Attorney General might refer to this incident, although no official link has been established yet.
Given the sensitive nature of the exposed information, individuals whose data was compromised should take immediate action to protect themselves from identity theft and fraud. Experts recommend changing passwords for affected accounts, enabling two-factor authentication, and staying vigilant against phishing attempts. Monitoring credit reports and bank statements for unauthorized activity is also advised to mitigate the risk of further misuse of personal data.
Reference: