AgentRun Insurance Broker Suffers Data Leak – Thousands of Files Exposed

Another day, another security incident. This time, insurance broker AgentRun is the latest company to suffer from a data leak.

If anyone is going to understand risk, you’d think it would be someone involved in the insurance industry. Now, an organization who brokers insurance is the latest who has suffered from a data leak.

Their database was posted on the ever famous Amazon S3 cloud storage bucket. The “vast” cache, once reported, was immediately removed from the server after the company was notified of the incident. Up until that point, the file was not protected and left open for anyone who happens to stumble across it. From ZDNet:

The data included detailed insurance policy documents containing names, postal addresses, dates of birth, and phone numbers. In some cases there were also documents revealing an income range, ethnicity, and marital status.

Many of the documents were scans of people’s identification documents, including Social Security cards and numbers, Medicare cards, and other documents, such as driver licenses, and armed forces and voter identification cards

Some policy holders also enclosed blank bank checks.

The data also included sensitive health information, including a person’s prescriptions, dosages, and costs — which can identify medical conditions.

Insurance companies found in the data included Cigna, TransAmerica, SafeCo Insurance, Schneider Insurance, Manhattan Life, and Everest — to name a few.

The security incident is just the latest in a huge string of incidences we’ve spotted. There have been so many, it almost seems like this sort of thing happens on a near daily basis these days.

This month did start off quietly enough, but kicked things off with a bang with a company having 34.4 million Aadhaar accounts exposed in a data breach. Chili’s followed that up with an unknown number of credit cards exposed in a breach of their own. The University of Cambridge suffered a data leak which saw 3 million Facebook accounts affected. LocationSmart then suffered a data leak. that saw potentially any American on all major US ISPs exposed to anyone wanting to track their geolocation data in real time.

The security train wreck continued after the Los Angeles county 211 crises and abuse hotline suffered a data leak. That saw 3.2 million sensitive records exposed. Controversial app TeenSafe suffered a data leak leaving users information and passwords exposed. Controversial US ISP Comcast then suffered a data leak which saw their Xfinity customers exposed. Finally, CIBC and Bank of Montreal both suffered a data breach which saw tens of thousands of bank clients exposed.

At this point, we’re wondering when this security nightmare month will ever end.

Drew Wilson on Twitter: @icecube85 and Google+.

1 Trackback or Pingback

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: