A U.S. life insurance company has apparently been hacked, and some of its policyholders' records posted for sale on a Russian underworld website.
But why would hackers care about your life insurance policy? Anyone who has ever applied for a life insurance policy will recall all the personal and very private information required - everything from your family history, health conditions and medications plus your Social Security number. It's scary to think of all those details out there exposed for anyone to see!
Do you remember the Deep Web black market storefront, Silk Road? Then you'll probably also remember that it was shut down earlier this year. Another site called Evolution has taken its place, and it looks like medical records from a Texas-based life insurance company are on sale.
Brian Krebs, a security expert, recently published his discovery of the leak on his KrebsOnSecurity blog. A reader alerted him to a merchant on the Evolution market named ImperialRussia who is selling medical records.
The medical records are one route that hackers can take to offer "fullz." In the cybercriminal underworld, a fullz is all the information needed about a victim to assume their identity and apply for credit under their name.
Or they can do anything else they want with that identity, really. With the amount of information that the hacker is offering, there's very little that they can't do to wreck an unsuspecting victim's credit or worse.
ImperialRussia can get you five sets of fullz for about $40. While you'd have to install an anonymous browser to navigate to the Evolution marketplace, Krebs reposted ImperialRussia's "pitch."
Most of the fullz come with EXTRA FREEBIES inside as additional policyholders. All of the information is accurate and confirmed. Clients are from an insurance company database with GOOD to EXCELLENT credit score! I, myself was able to apply for credit cards valued from $2,000 – $10,000 with my fullz. Info can be used to apply for loans, credit cards, lines of credit, bank withdrawal, assume identity, account takeover.
The source of all of ImperialRussia's fullz is American Income Life, a life insurance company based in Waco, Texas. Most of the victims seem to live primarily in the U.S. Pacific Northwest.
Keeping yourself secure doesn't just mean learning the best practices for yourself. It also means shopping around for who to trust with your personal information. Insurance companies know almost every single bit of your personal details, and breaches like this are unacceptable.
If you are insured by this company or want to learn more about identity theft, check out these helpful tips:
- 3 unbelievable true stories of identity theft
- Identity theft is fast-growing and dangerous
- Protect your identity with this cool site