Insurance company Liberty Mutual suffered a data breach on April 30th done by the ransomware group Everest.  Stolen data included policyholders’ names, addresses, insurance policy numbers, financial and billing details and other personal information including, some medical information. The breach was not done as a direct breach of Liberty Mutual’s own internal systems, but done through a supply chain attack.  Supply chain attacks have become a trend where hackers target companies with less security who have access to the data of the company that is the real target of the criminals.  Often it takes the form of injecting  malware into software developed by companies that is later used by other companies or government agencies that allows the criminals access to their targeted victims’ data.  In other instances, such as the supply chain attacks have attacked companies used by their target companies to manage their customer data.

When Liberty Mutual refused to pay the demanded ransom promptly, Everest added Liberty Mutual to its dark web site where they threaten to post the information stolen.  Now a proposed class action has been filed by two affected customers in Massachusetts claiming Liberty Mutual was negligent in its failure to protect sensitive customer data.  I will keep you informed as to progress of the lawsuit.

TIPS

This data breach and the resulting class action is a good example of companies having to do a better job at protecting their customers data.  In particular, the threat of supply chain attacks must be anticipated by assessing various vender security practices before sharing data, encrypting all sensitive data and limiting access to only employees who require access to particular data.  Not enough companies are taking these common sense steps.

As for victims of this data breach there is little that you can do now to protect yourself from your data being exploited.  However, you should be alert to scammers who often pose as the breached company after a data breach  contact you asking for personal information in regard to these data breaches as that is a favorite tactic of the hackers to lure you into providing personal information that can lead to your becoming a victim of identity theft.  Don’t click on any links in emails or text messages that appear to be related to the data breach unless you have absolutely confirmed that the communication was legitimate.  Your best bet is to go to Liberty Mutual customer service for information as to your options provided by the company.  Here is a link to it https://www.libertymutual.com/customer-support

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/