A U.S. life insurance company has apparently been hacked, and some of its policyholders' records posted for sale on a Russian underworld website.
But why would hackers care about your life insurance policy? Anyone who has ever applied for a life insurance policy will recall all the personal and very private information required - everything from your family history, health conditions and medications plus your Social Security number. It's scary to think of all those details out there exposed for anyone to see!
Do you remember the Deep Web black market storefront, Silk Road? Then you'll probably also remember that it was shut down earlier this year. Another site called Evolution has taken its place, and it looks like medical records from a Texas-based life insurance company are on sale.
Brian Krebs, a security expert, recently published his discovery of the leak on his KrebsOnSecurity blog. A reader alerted him to a merchant on the Evolution market named ImperialRussia who is selling medical records.
The medical records are one route that hackers can take to offer "fullz." In the cybercriminal underworld, a fullz is all the information needed about a victim to assume their identity and apply for credit under their name.
Or they can do anything else they want with that identity, really. With the amount of information that the hacker is offering, there's very little that they can't do to wreck an unsuspecting victim's credit or worse.