In a recent development, SafetyDetectives’ Cybersecurity Team stumbled upon a forum post on the clear web where a threat actor posted a link to a database allegedly belonging to American National Insurance Company’s 2023 data breach that contained 279,332 lines of sensitive data of customers and some employees’ data, according to the post.

What Is the American National Insurance Company (ANICO)?

The American National Insurance Company is an insurance company based in Galveston, Texas. The company’s subsidiaries include American National Life Insurance Company of Texas. American National employs more than 4,600 people and generates approximately $1.1 billion in annual revenue.

What & Where Was The Data Found?

The forum in which the data was posted was available on the clear surface web. The platform operates message boards dedicated to database downloads, leaks, cracks, and more.

The Data Leaked

According to the author of the post, the exposed data belonged to the American National Insurance Company consisting of a 90MB .CSV file and it contained 279,332 lines of sensitive data allegedly from the dark web sites and contained:

Customer’s Data:

  • Account ID,
  • Status,
  • Email Address,
  • Full Name,
  • Date of Birth,
  • Age,
  • Gender,
  • Marital Status,
  • Generation,
  • Occupation,
  • Phone,
  • Language,
  • Full physical address,
  • Inforce Premium Amount,
  • Inforce Premium Amount Annuity,
  • Type of Policy.

Employees data:

  • Years In Force,
  • Agent Name,
  • Agent Email,
  • MLGA/RGA Name,
  • MLGA/RGA Email.

This report issued by data breach lawyers at Console & Associates, P.C probing the 2023 data breach asserts that Social Security Numbers, financial account information and medical information was also exposed. However, our cybersecurity team cannot verify if the data shared in this forum post includes such sensitive information or is linked to the reported breach as the author does not specify the exact source of the data beyond mentioning its presence on the dark web.

Even though the full data the author claims to have was shared behind a paywall, the author posted a small sample accessible to anyone with an internet connection, which our research team was able to review and could confirm its authenticity.

What Caused the Data Breach?

According to this report from August, 2023; the company used MOVEit, which is a file transfer application created by Progress Software. In this article, American National explains that back in 2023, it became aware that the Cl0p ransomware group listed the company as a victim. At that time, American National was investigating Cl0p’s claims to determine their validity. Thus, it is possible that American National’s recent filing with the Texas Attorney General is referring to a MOVEit breach. However, this has not yet been confirmed by American National.

What’s the Impact of the Data Breach?

The potential risks of having this private information exposed are serious. This includes the potential for identity theft, where personal information like Social Security numbers and financial details can be used to impersonate individuals and commit fraud.

Medical privacy violations are also a concern, as disclosed health information may lead to discrimination or misuse. Furthermore, the compromised data opens doors to phishing attacks through emails or messages that trick victims into revealing more personal details or clicking on harmful links.

For those who believe their data may have been exposed in this incident, it is important to take immediate action to protect yourselves. Here are some recommendations:

  • Change Passwords and Enable Two-Factor Authentication (2FA): If you used the same password on other platforms, change those passwords as well to prevent further unauthorized access. Additionally, use two-factor authentication (2FA) where available, as this adds an extra layer of security to your accounts.
  • Be Cautious of Phishing Attempts: Be wary of unsolicited emails or messages asking for personal information or payment details. Do not click on any links or download attachments from unknown sources.
  • Update Privacy Settings: Review the privacy settings on your social media accounts and other online platforms to limit the amount of personal information that is publicly available.
  • Contact Authorities: If you believe you have been a victim of identity theft or fraud as a result of this data breach, report the incident to local law enforcement and relevant authorities.
  • Monitor Your Accounts: It’s never “too much” to keep a close eye on your email and bank accounts for any suspicious activity when you suspect your personal data has been compromised. Report any unauthorized transactions immediately.

It is essential for people to be proactive in protecting their personal information — especially following incidents like data breaches. These breaches can lead to serious consequences, so it is important to stay alert and take action to reduce the risks associated with compromised data. By following our recommendations and staying informed about cybersecurity practices, individuals can enhance their defenses against potential threats.