Insurance businesses targeted for customer details
Insurance companies exist to offer protection but they're increasingly having to protect themselves against a range of cyberattacks.
A new report from IntSights looks at the threats faced by insurance businesses and why they’ve become a particular problem in recent times.
Insurance companies hold a lot of personal information about customers, making them an attractive target for cybercriminals. This is especially true of health insurance policy details which are one of several types of data point that make healthcare providers valuable targets for criminals serving the fraud market.
It's not just individual’s data that's at risk though, details of business cyber insurance policies can help ransomware gangs maximize their takings by alerting them to which companies have cover and how much for. It's probably no coincidence that cyber insurer AXA became the target of an Avaddon ransomware attack in May 2021, shortly after it announced that it would stop reimbursing new French customers for ransom payments to attackers.
Often information can be obtained without having to break into networks and access customer databases directly. Hackers have also been exploiting weaknesses in online portals by entering information stolen in other cyberattacks which can often prompt insurance systems to reveal more.
Paul Prudhomme, head of threat intelligence advisory at IntSights, says, "In the US there were several attacks early last year against car insurance companies where actors were inputting compromised personal data that they had already acquired from other sources into these automated quoting systems where people could shop online and see how much a policy would cost. These automated systems would spit out people's drivers license numbers if you put in their other information like name, date of birth and so on that the actors have gotten some from somewhere else."
The full Insurance Industry Cyber Threat Landscape Report is available from the IntSights site.