Landmark Admin has issued an update to its investigation of a cyberattack it suffered in May 2024, increasing the number of impacted individuals to 1.6 million.
Landmark is a Texas-based third-party administrator (TPA) handling policy accounting, regulatory reporting, reinsurance support, and IT systems for major insurers nationwide like Liberty Bankers Life and American Benefit Life.
In October 2024, the company warned that it detected suspicious activity on its networks on May 13th, 2024.
The unauthorized access was believed to have exposed the personal information of 806,519 people, including their:
- Full name
- Home address
- Social Security number
- Tax identification number
- Driver’s license number
- State-issued identification card
- Passport number
- Financial account number
- Medical information
- Date of birth
- Health insurance policy number
- Life and annuity policy information
The exact data types exposed vary per individual, and Landmark promised to notify each with a personalized letter specifying which data was compromised.
In an updated filing at the Main Attorney General’s office, Landmark says its investigations revealed that the number of affected individuals is actually higher, now estimated at 1,613,773 people.
Landmark says the forensic investigation remains ongoing, which means that the final tally might eventually be higher and could be revised several times in the future.
“Landmark began reviewing the affected systems to identify the specific individuals and the types of information that may have been compromised,” reads the latest notice.
“While this process remains ongoing, Landmark will notify affected individuals by mail as the information becomes available.”
Data breach notification recipients are given 90 days from receiving the notification to address their concerns and questions in a dedicated helpline.
Landmark has also provided 12 months of identity theft protection and credit monitoring coverage to lessen the risk and impact of sensitive data exposure.
Monitoring credit reports and considering placing fraud alerts or a security freeze are also listed in the recommendations.