Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Keenan data breach exposes sensitive data belonging to 1,509,616 individuals. The insurance broker company notified the impacted customers and employees on January 26th, 2024.
According to the data breach notification, the hackers gained access to Keenan’s network on August 21st, 2023. The company discovered the intrusion a few days later, on August 27th. They opened an investigation and informed law enforcement.
Keenan Data Breach Risks
After the threat actors got into Keenan’s internal systems, they obtained access to some of the customers’ and employees’ private data:
- Full name
- Social Security number (SSN)
- Passport number
- Driver’s license number
- Details regarding the person’s health
- Health insurance information
- Date of birth
Although there are no financial details among the compromised data, hackers still have enough information to perform:
- phishing attacks
- identity theft
- health insurance fraud
- financial fraud
According to the Federal Trade Comission,
thieves who have stolen names and Social Security numbers can use that information not only to sign up for new accounts in the victim’s name, but also to commit tax identity theft. People who are notified early can take steps to limit the damage.
Source – Federal Trade Comission, the Data Breach Response Guide
In this case, the affected individuals were notified about their data being stolen after roughly five months since the incident happened. The HIPAA Breach Notification Rule states that companies should inform the impacted persons not later than 60 days after discovering the breach.
What next
As a precaution, the company offered its affected customers and employees a free two-year identity theft protection service. They also advised them to lookout for suspicious account activities and phishing.
For now, there is no evidence that the hackers used the compromised data for malicious activities. While the company took additional security measures, the data breach investigation continues:
To help prevent a similar type of incident from occurring in the future, we implemented additional security protocols designed to enhance the security of our network, internal systems and applications. Keenan will also continue to evaluate additional steps that may be taken to further increase our defenses. In addition, we are continuing to support federal law enforcement’s investigation.
Source – Kenan & Associates notice letter
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
