Farmers Insurance Data Breach Impacts 1 Million Americans: What To Know
Farmers Insurance, one of the largest insurers of houses, vehicles and small businesses in the country, revealed at the end of last week that it was the prey of a third -party cyber attack that could have exposed sensitive data of 1.1 million customers.
“We recently discovered that an unauthorized third party had briefly reached a supplier system that contained client information from farmers,” the company said in a shared statement with Nowsweek. “The incident has only involved limited information from certain customers.”
Although the consequences for the customers concerned are not yet clear, the data violation exposes the vulnerability of insurance companies and their customers to such attacks. Farmers serve approximately 10 million households across the country and have 19 million insurance policies nationwide, according to the Insurance Mag, covering vehicles, houses, life and commercial activities.
What do we know about cyber attacks?
The data violation was informed by the farmers of the New World Life Insurance and the farmers, his parent company, with deposits to state regulators. A Farmers New World Life Insurance Farmers at the Maine Prosecutor’s Office said that 40,000 people were assigned by data violation; Another Farmers Group deposit said that up to 1,071,172 guards had been affected.
Above all, the data violation occurred about three months ago, long before farmers disclosed the cyber attack with an opinion on its website. The farmers said that he was not directly targeted, but that he was informed by a third -party supplier on May 30 that a database containing information on farmers’ insured persons had been illegally accessible the day before.
Getty images
“There are still a lot of unknown things,” said West Monroe’s cyber-expert, Christina Powers Nowsweek. “Even if this violation occurred three months ago now, farmers have made it public and have started to inform people in the past two days or a few weeks,” she said.
“What we have heard of them is that the attackers were able to access a database with their information which was in a way under control or management of a third party. We do not know who it was,” added Powers.
“There are speculations, but that’s all we know. I think they keep a lot of details closely kept. It could have been something like what we have seen with other insurance companies, where someone managed to fish [to the company’s database]But there are just a lot of unknown things. “”
What data have been compromised?
According to farmers, among the information compromised in the violation, there are customers’ names, addresses, birth dates, driving license numbers and the last four figures for their social security numbers.
“This can be used to make things like identity fraud,” said Powers. “It can be used to commit more targeted attacks on individuals or entities, with known information about them. And ultimately, the objective here is a kind of financial or monetary gain for attackers.”
The company said that although it is not aware of any personal information involved in the incident being poorly used, it encourages individuals “to remain vigilant in relation to cases of identity and fraud by examining financial statements and credit reports for any anomaly, and to inform their financial institution of any unauthorized transaction or suspected identity flight.”
Why attack insurance companies?
Farmers are not the first American insurance company to be the victim of a data violation in recent months. Allianz Life Insurance Company of North America declared a major violation in July, which caused an in progress against the company for having failed to protect customer data.
“We see the industry targeted by the attackers, just given the sensitive information,” said Powers. “They have pii [personally identifiable information]Things like birthdays, addresses, driving license, social security numbers, etc. “She added.
“All this can be very precious for attackers, either for a direct financial gain – identity fraud, identity theft – or then be used to perform other cyber attacks with the data to which they are able to access either individuals or commercial entities that can be provided by these companies.”
The powers would not be surprised, she said, if there were more insurers who have still not disclosed to be victims of attacks or if the attackers continue.
Regarding what the insurance companies do or the way they are well prepared to deal with these new challenges, Powers thinks that it is difficult for companies to “stay at the top” of these cyberattacks “, in particular with the interconnection of the number of third parties involved, how many different platforms they use to carry out business, how the data circulates,” she said.
“The surface of the attack on the insurance sector is very wide. I think there are fundamental things that insurance companies can do, ensuring that they have an understanding of where all their data is and how it is protected,” said Powers.
“And then the combination of having cyber-controls in place to limit who has access to what, as well as the surveillance which is capable of reporting things that seem abnormal or suspicious, as in this case.”
What do farmers do about it?
A spokesman for farmers said Nowsweek that an investigation into data violation is underway.
“A survey – conducting with experts in internal and external security – found no evidence that the data exposed was used to unscatm, nor any indication that the own systems of the farmers have been compromised,” the company said in a statement. “We directly contact people affected and provide support resources, including free credit monitoring.”
Farmers also offer free credit supervision services to customers concerned for 24 months.
But the violation of data also drew attention to farmers itself. Schubert Jonckheer & Kolbe, a law firm representing shareholders, employees and consumers in collective appeals, said that he was investigating violation and if farmers have violated the laws of states and federals pending so long to inform affected customers.
When a cyber attack occurs, there is a risk of reputation for affected companies, said Peter McMurtrie, leader in the insurance industry of West Monroe, Peter McMurtrie Nowsweek.
“One thing is just to have your name for being raped,” he said. “But I think that a second component is only this risk of reputation for the speed with which you act to defend your policyholders and protect them. We will see how it takes place with farmers and what is the lasting impact of this risk of reputation.”
