Accountability, Authentication and Insurance

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

“Affected insurance providers can contact us to prevent leaking of their own data and [remove it] from the sale,” RansomHub’s victim shaming blog announced on April 16. According to the HIPAA Journal, the biggest penalty imposed to date for a HIPPA violation was the paltry $16 million fine against the insurer Anthem Inc.

Healthcare

Healthcare Insurance Computers and Electronics Data breaches

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

AUGUST 6, 2020

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S.

Accountability

Accountability Identity Theft Hacking Insurance

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

Krebs on Security

MAY 24, 2019

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. based First American is a leading provider of title insurance and settlement services to the real estate and mortgage industries. No authentication was required to read the documents. First American Financial Corp. Image: Linkedin.

Insurance

Insurance Banking Identity Theft Scams

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

Malwarebytes

APRIL 24, 2025

The tech giant may have used this data for targeted advertising, according to Blue Shield, which is one of the largest health insurers in the US. Blue Shield a nonprofit health insurer serving nearly 6 million members, used Google Analytics to monitor how customers interacted with its websites to improve services. .”

Insurance

Insurance Data breaches Passwords Phishing

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Health insurance information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Data breaches

Data breaches Healthcare Passwords Insurance

E-Verify’s “SSN Lock” is Nothing of the Sort

Krebs on Security

JULY 4, 2020

One of the most-read advice columns on this site is a 2018 piece called “ Plant Your Flag, Mark Your Territory ,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration , the IRS and others before crooks do it for you.

Accountability

Accountability Passwords Authentication Insurance

Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC

Security Affairs

APRIL 6, 2025

Musielak warned of the rising threat of mass identity theft, fraudulent credit applications, and fake account creation, which are now more scalable with generative AI. If you’re running KYC in banking, insurance, travel, crypto, or anywhere else its time to upgrade your process. ” added the expert. “ @authologic.

Identity Theft

Identity Theft Insurance Banking Authentication

The Taxman Cometh for ID Theft Victims

Krebs on Security

JANUARY 29, 2021

The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events. The scammers typically use stolen identity data to claim benefits, and then have the funds credited to an online account that they control.

Insurance

Insurance Identity Theft Accountability Mobile

Masterclass in CIAM for Insurance: Balancing Security, Experience, and Consent

IT Security Guru

AUGUST 7, 2024

The insurance industry is experiencing a significant transformation fuelled by the ubiquity of digital technologies. As these solutions gain traction in this sector, they add complexity to a regulatory landscape that insurance firms need to navigate, especially when it comes to Customer Identity and Access Management (CIAM).

Insurance

Insurance Data collection Authentication Technology

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

Krebs on Security

NOVEMBER 19, 2021

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle , a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. What’s your username?”

Scams

Scams Banking Passwords Authentication

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. based First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019.

Insurance

Insurance Financial Services Penetration Testing Scams

IRS Will Soon Require Selfies for Online Access

Krebs on Security

JANUARY 19, 2022

If you created an online account to manage your tax records with the U.S. is perhaps better known as the online identity verification service that many states now use to help staunch the loss of billions of dollars in unemployment insurance and pandemic assistance stolen each year by identity thieves. account).

Mobile

Mobile Accountability Insurance Government

Cyber Liability Insurance and MFA on both internal and remote access

Security Boulevard

AUGUST 20, 2021

Cyber insurance is driving a long overdue improvement in user access security. Multi-factor authentication (MFA) is fast becoming a requirement for all privilege and non-privilege accounts, whether users are working on the internal network or remotely. It seems insurers … Continued.

Insurance

Insurance Cyber Insurance Authentication Network Security

GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator

The Last Watchdog

SEPTEMBER 24, 2024

Credit monitoring services provide ongoing tracking of credit reports for suspicious activity, and some even offer insurance for identity theft-related losses. The growing threat of cybercrime, including ransomware attacks and large-scale data leaks, is also pushing individuals to take more control of their personal data.

Authentication

Authentication Identity Theft Banking Data breaches

Experian’s Credit Freeze Security is Still a Joke

Krebs on Security

APRIL 26, 2021

Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space. Dune Thomas is a software engineer from Sacramento, Calif. and $24.99

Authentication

Authentication Accountability Identity Theft Account Security

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Krebs on Security

SEPTEMBER 2, 2021

Bill said this criminal group averages between five and ten million email authentication attempts daily, and comes away with anywhere from 50,000 to 100,000 of working inbox credentials. Because these accounts can all be cleaned out and deposited onto a gift card number that can be resold quickly online for 80 percent of its value.

Accountability

Accountability Authentication Passwords Hacking

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

MAY 31, 2019

On May 24, KrebsOnSecurity broke the news that First American had just fixed a weakness in its Web site that exposed approximately 885 million documents — many of them with Social Security and bank account numbers — going back at least 16 years. No authentication was needed to access the digitized records. ”

Financial Services

Financial Services Insurance Banking Authentication

Sperm bank breach deposits data into hands of cybercriminals

Malwarebytes

MARCH 19, 2025

The information potentially involved varies by customer but includes names and one or more of the following: Drivers license numbers Bank account and routing numbers. Social Security Numbers (SSN) Health insurance information CCB is posting lettersalong the lines of this California example to everyone who may be impacted.

Banking

Banking Data breaches Computers and Electronics Passwords

100 million US citizens officially impacted by Change Healthcare data breach

Malwarebytes

OCTOBER 25, 2024

The Office for Civil Rights (OCR) at the HHS confirmed that it prioritized and opened investigations of Change Healthcare and UnitedHealth Group, focused on whether a breach of protected health information (PHI) occurred and on the entities’ compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules.

Healthcare

Healthcare Data breaches Passwords Identity Theft

RSAC Fireside Chat: Start-up Anetac rolls out a solution to rising ‘service accounts’ exposures

The Last Watchdog

MAY 30, 2024

From MFA to biometrics, a lot has been done to reinforce user ID and password authentication — for human users. Service accounts have multiplied exponentially in recent years and become a prime target of threat actors, since little has been done to beef up protection. LW provides consulting services to the vendors we cover.)

Accountability

Accountability Small Business Insurance Passwords

UnitedHealth Confirms 100 Million Affected in Change Healthcare Breach

SecureWorld News

OCTOBER 28, 2024

UnitedHealth, one of the largest health insurers in the United States, had to undertake a lengthy investigation to confirm the scope of the breach, and its findings emphasize the need for agile security operations that can respond quickly to contain threats and protect data.

Healthcare

Healthcare Insurance Government Data breaches

23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach

Malwarebytes

MARCH 25, 2025

That has worried some experts who have pointed out that a new owner could, for instance, hand over customer data to insurance companies to hike up monthly premiums, or to data brokers to power increasingly invasive, targeted advertising. Enable two-factor authentication (2FA). Under Settings , scroll to the section titled 23andMe data.

Passwords

Passwords Accountability Data breaches Phishing

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Krebs on Security

JUNE 4, 2019

. “AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA (for those who sought to pay their balance),” the filing reads. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers.”

Insurance

Insurance Banking Accountability Data privacy

Experian API Exposed Credit Scores of Most Americans

Krebs on Security

APRIL 28, 2021

” Demirkapi found the Experian API could be accessed directly without any sort of authentication, and that entering all zeros in the “date of birth” field let him then pull a person’s credit score. “Too many consumer finance company accounts,” the API concluded about my friend’s score.

Insurance

Insurance Identity Theft Accountability Technology

4 ways businesses can save money on cyber insurance

Malwarebytes

JULY 10, 2022

Without cyber insurance , you can expect to pay a dizzying amount of cash. In 2022 alone, the average cost of a data breach for businesses under 1,000 employees was close to $3 million—and these costs are coming from activities that cyber insurers typically cover, such as detecting and responding to the breach. Fixed rate.

Cyber Insurance

Cyber Insurance Insurance Data breaches Phishing

Identity Verification vs Authentication: Key Similarities And Differences

CyberSecurity Insiders

AUGUST 1, 2022

While verification and authentication are terms that are often used interchangeably, they are in fact two separate operations. Digital verification and authentication play a critical role in preventing fraud and cyberattacks. However, if an insurance company uses a legacy system (see “ What is a legacy system in insurance?

Authentication

Authentication Passwords Technology Insurance

Cyber Insurance and the Changing Global Risk Environment

Security Affairs

APRIL 22, 2022

When security fails, cyber insurance can become crucial for ensuring continuity. Our reliance on digital technology and the inherited risk is a key driving factor for buying cyber risk insurance. If the technology were to become unavailable, the resulting business impact could be mitigated with cyber insurance.

Cyber Insurance

Cyber Insurance Insurance Risk Technology

How MFA and Cyber Liability Insurance Effectively Manage Risk in Higher Education

Duo's Security Blog

OCTOBER 18, 2021

One area where campuses have been collaborating recently are changes around cyber liability insurance for higher education, an opportunity for campus cybersecurity teams to combine forces with their risk management team. In a recent Duo blog post, we gave an overview of cyber liability insurance.

Insurance

Insurance Education Risk Cyber Insurance

IRS To Ditch Biometric Requirement for Online Access

Krebs on Security

FEBRUARY 7, 2022

as a condition of receiving state or federal financial assistance, such as unemployment insurance, child tax credit payments, and pandemic assistance funds. In the face of COVID, dozens of states collectively lost tens of billions of dollars at the hands of identity thieves impersonating out-of-work Americans seeking unemployment insurance.

Insurance

Insurance Government Authentication Accountability

Multi-Factor Authentication Best Practices & Solutions

eSecurity Planet

OCTOBER 5, 2021

Passwords are the most common authentication tool used by enterprises, yet they are notoriously insecure and easily hackable. At this point, multi-factor authentication (MFA) has permeated most applications, becoming a minimum safeguard against attacks. Jump to: What is multi-factor authentication? MFA can be hacked.

Authentication

Authentication Passwords Mobile Accountability

Top Cybersecurity Trends to Watch Out For in 2025

Centraleyes

DECEMBER 16, 2024

Verizons Data Breach Investigations Report showed that 74% of security breaches involve a human element, with system administrators and developers accounting for most of these errors. Insurance Becomes a Necessity The rise of high-profile cyberattacks has led to increased demand for cyber insurance.

Cybersecurity

Cybersecurity Insurance Cyber Insurance Risk

Verizon's 2025 DBIR: Threats Are Faster, Smarter, and More Personal

SecureWorld News

APRIL 23, 2025

Phishing accounted for nearly 25% of all breaches. The DBIR breaks down breach trends across industries: Financial and Insurance: Heavily targeted by credential stuffing and phishing; fastest detection rates. The most effective controls combine microsegmentation with strong authentication and adaptive access and behavioral analytics.

Ransomware

Ransomware CISO Backups Risk

BayMark Health Services sends breach notifications after ransomware attack

Malwarebytes

JANUARY 10, 2025

Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts. Take your time.

Ransomware

Ransomware Data breaches Passwords Phishing

Checklist for Getting Cyber Insurance Coverage

Thales Cloud Protection & Licensing

MAY 10, 2022

Checklist for Getting Cyber Insurance Coverage. The necessity for cyber-insurance coverage. With cyber attacks amounting to a question of when and not if, cyber insurance becomes crucial for ensuring business continuity and mitigating the business impact of attacks – should they occur. Tue, 05/10/2022 - 05:43.

Cyber Insurance

Cyber Insurance Insurance Cyber Risk Cyber Attacks

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

Adam Levin

SEPTEMBER 5, 2019

Once the number has been transferred, the criminal has control of any accounts that are identified by caller ID (including many financial institutions) as well as any accounts protected by two-factor authentication. It is believed this was the method used to recently hack Jack Dempsey’s Twitter account. . What You Can Do.

Scams

Scams Accountability Financial Services Insurance

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

The event is sponsored by the Federal Trade Commission (FTC), and other participating agencies include the Federal Deposit Insurance Corporation (FDIC), AARP , and the Better Business Bureau (BBB). Secure payment methods Ensure safe processing of financial transactions.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

APRIL 27, 2023

Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required). This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information.

Banking

Banking Government Information Security Authentication

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

The attacker claims to have compromised an end-of-lifed GPRS system that was exposed to the internet and was able to pivot from it to the internal network, where they were able to launch a brute force authentication attack against internal systems. Most immediately is the ubiquity of 2-factor authentication.

Mobile

Mobile Data breaches Authentication Accountability

How $100M in Jobless Claims Went to Inmates

Krebs on Security

FEBRUARY 25, 2021

Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. Many states also lacked the ability to tell when multiple payments were going to the same bank accounts. are using it. 77,000 NEW (AB)USERS EACH DAY.

Scams

Scams Insurance DDOS Authentication

SEC Investigating Data Leak at First American Financial Corp.

Krebs on Security

AUGUST 12, 2019

Securities and Exchange Commissio n (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. No authentication was required to view the documents. First American Financial Corp. In May, KrebsOnSecurity broke the news that the Web site for Santa Ana, Calif.

Insurance

Insurance Banking Authentication Accountability

MSPs: Becoming the Trusted Cyber Insurance Advisor

Duo's Security Blog

FEBRUARY 4, 2025

With the rate that new threats emerge, it may come as no surprise that cyber liability insurance can be traced back to 1997. In its modern iteration, cyber liability insurance mitigates the losses and business costs associated with cyber incidents and resulting downtime. What would an insurer do? At least not alone.

Cyber Insurance

Cyber Insurance Insurance Authentication Risk

COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

Joseph Steinberg

APRIL 20, 2021

Hospitals, medical clinics, labs, pharmacies, insurance companies, and others involved in the vaccination process often require people who want to be vaccinated to share large amounts of both medical and demographic data in order to register for vaccine appointments.

Healthcare

Healthcare Insurance Computers and Electronics Data collection

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

The CLOP members said one tried-and-true method of infecting healthcare providers involved gathering healthcare insurance and payment data to use in submitting requests for a remote consultation on a patient who has cirrhosis of the liver. Encrypting sensitive data wherever possible. ”

Healthcare

Healthcare Backups Ransomware Insurance

Ransomware: Number One Cyber Insurance Claim

SecureWorld News

SEPTEMBER 10, 2020

Trends of cyber insurance claims for 2020. Coalition, a cyber insurance company, recently released a report detailing the categories of cyber attacks as well as the cause behind the attacks for the first half of 2020. The company says that ransomware accounted for 41% of cyber claims. Cyber insurance works.

Cyber Insurance

Cyber Insurance Insurance Ransomware Cyber Attacks

Change Healthcare Breach Hits 100M Americans

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Webinars

Trending Sources

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

Webinars

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

E-Verify’s “SSN Lock” is Nothing of the Sort

Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC

The Taxman Cometh for ID Theft Victims

Masterclass in CIAM for Insurance: Balancing Security, Experience, and Consent

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

NY Charges First American Financial for Massive Data Leak

IRS Will Soon Require Selfies for Online Access

Cyber Liability Insurance and MFA on both internal and remote access

GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator

Experian’s Credit Freeze Security is Still a Joke

Gift Card Gang Extracts Cash From 100k Inboxes Daily

NY Investigates Exposure of 885 Million Mortgage Documents

Sperm bank breach deposits data into hands of cybercriminals

100 million US citizens officially impacted by Change Healthcare data breach

RSAC Fireside Chat: Start-up Anetac rolls out a solution to rising ‘service accounts’ exposures

UnitedHealth Confirms 100 Million Affected in Change Healthcare Breach

23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Experian API Exposed Credit Scores of Most Americans

4 ways businesses can save money on cyber insurance

Identity Verification vs Authentication: Key Similarities And Differences

Cyber Insurance and the Changing Global Risk Environment

How MFA and Cyber Liability Insurance Effectively Manage Risk in Higher Education

IRS To Ditch Biometric Requirement for Online Access

Multi-Factor Authentication Best Practices & Solutions

Top Cybersecurity Trends to Watch Out For in 2025

Verizon's 2025 DBIR: Threats Are Faster, Smarter, and More Personal

BayMark Health Services sends breach notifications after ransomware attack

Checklist for Getting Cyber Insurance Coverage

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Many Public Salesforce Sites are Leaking Private Data

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

How $100M in Jobless Claims Went to Inmates

SEC Investigating Data Leak at First American Financial Corp.

MSPs: Becoming the Trusted Cyber Insurance Advisor

COVID-19 Vaccination Management Problems Have Created a Privacy Nightmare For Americans – Even Without Vaccine Passports

New Ransom Payment Schemes Target Executives, Telemedicine

Ransomware: Number One Cyber Insurance Claim

Stay Connected