Heimdal
article featured image

Contents:

Keenan data breach exposes sensitive data belonging to 1,509,616 individuals. The insurance broker company notified the impacted customers and employees on January 26th, 2024.

According to the data breach notification, the hackers gained access to Keenan’s network on August 21st, 2023. The company discovered the intrusion a few days later, on August 27th. They opened an investigation and informed law enforcement.

Keenan Data Breach Risks

After the threat actors got into Keenan’s internal systems, they obtained access to some of the customers’ and employees’ private data:

  • Full name
  • Social Security number (SSN)
  • Passport number
  • Driver’s license number
  • Details regarding the person’s health
  • Health insurance information
  • Date of birth

Although there are no financial details among the compromised data, hackers still have enough information to perform:

According to the Federal Trade Comission,

thieves who have stolen names and Social Security numbers can use that information not only to sign up for new accounts in the victim’s name, but also to commit tax identity theft. People who are notified early can take steps to limit the damage.

Source – Federal Trade Comission, the Data Breach Response Guide

In this case, the affected individuals were notified about their data being stolen after roughly five months since the incident happened. The HIPAA Breach Notification Rule states that companies should inform the impacted persons not later than 60 days after discovering the breach.

What next

As a precaution, the company offered its affected customers and employees a free two-year identity theft protection service. They also advised them to lookout for suspicious account activities and phishing.

For now, there is no evidence that the hackers used the compromised data for malicious activities. While the company took additional security measures, the data breach investigation continues:

To help prevent a similar type of incident from occurring in the future, we implemented additional security protocols designed to enhance the security of our network, internal systems and applications. Keenan will also continue to evaluate additional steps that may be taken to further increase our defenses. In addition, we are continuing to support federal law enforcement’s investigation.

Source – Kenan & Associates notice letter

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE