Another Day, Another Insurance Hack

This time the target was BackNine, and software startup that supports a number of major insurance companies. BackNine apparently uses Amazon Web Services for “cloud” data storage.

An Amazon server storing insurance applications was converted from private to public access. Whether this was done accidentally or intentionally is not known, however, this change requires access to security credentials.

There are more than 700,000 insurance applications on that server. Each of the application files contains

  • Personally identifiable information (names, addresses, SSNs, and in some cases, drivers license numbers)
  • Financial information
  • Medical histories and the results of insurance medical exams and test results

The applications cover a span of time from 2015 to 2021.

The insurance companies known to be affected include

  • AIG
  • John Hancock
  • Lincoln Financial
  • Prudential
  • Transamerica

There are several object lessons from this announcement relevant to businesses and individual consumers:

  1. All the “cloud” means is that you or a company is using devices that you do not own and which may or may not be secure. Promises of security may not be worth the electrons used to transmit them.
  2. Keep copies of anything important in your personal possession. If anything is electronic, place it on a backup drive that you can disconnect from the Internet.
  3. Assume your private information is public and monitor credit reports on a regular basis.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.