• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Millions of Insurance Customers Compromised Via Supplier

You are here: Home / General Cyber Security News / Millions of Insurance Customers Compromised Via Supplier
January 13, 2023

Two insurance coverage multi-nationals have unveiled that hundreds of thousands of Japanese customers’ aspects ended up hacked and put up for sale soon after a third-party contractor was reportedly breached.

Statements from Aflac and Zurich really don’t name the breached supplier, but a area report from Tokyo-based mostly information agency Jiji Press claimed the exact US sub-contractor was to blame.

In overall, all-around two million shoppers were being impacted by the incident – like 1.3 million enrolled in Aflac’s cancer insurance policies policies and 760,000 Zurich auto-insurance policyholders.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Aflac said the compromised data included age, gender, previous name, plan amount, insurance coverage sort quantity and protection amount of money/quality.

“It ought to be famous that the above goods of particular facts leaked to the data leak website alone simply cannot detect an personal,” the insurance provider claimed. “Therefore, we imagine that the probability of the leaked details currently being misused by a 3rd party is really minimal.”

Aflac extra that the sub-contractor which was initially compromised has deleted customer information and facts from the server that was specific. Aflac reported it is getting unspecified supplemental “measures” to stop comparable incidents from occurring in the foreseeable future.

Independently, hackers managed to access purchaser info connected to Zurich vehicle insurance coverage. Names, email addresses, policy figures, shopper IDs, dates of birth and car or truck details have reportedly been compromised.

Only Japanese customers of the two insurers are assumed to have been impacted by the incident.

Lior Yaari, CEO and co-founder of Grip Security, argued that compromised credentials are the most probably way hackers obtained entry to the server in issue.

“Whether it’s a third party, former personnel, extremely permissive grants or dangling entry on zombie accounts, the opportunity to exploit qualifications and thus get obtain to delicate data has by no means been additional desirable,” he included.

“Which is one particular of the reasons third parties and their credentials to access consumer devices keep on being top rated attacker targets.”

Reported Liat Hayun, CEO of Eureka Security, argued that no firm can be reliable with critical data belongings these days.

“However, the reality is that companies use 3rd-party sellers to help working day-to-day operations,” he included. “It is best to perform with third-party vendors who have the exact, if not improved, details security guidelines than your individual firm to more accelerate working day-to-working day operations.”

Editorial credit icon picture: Ralf Liebhold / Shutterstock.com


Some parts of this write-up are sourced from:
www.infosecurity-journal.com

Previous Post: «fortios flaw exploited as zero day in attacks on government and FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations
Next Post: Get Unified Cloud and Endpoint Security: Only $1 for 1,000 Assets for all of 2023! get unified cloud and endpoint security: only $1 for 1,000»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
  • Securing Data in the AI Era
  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
  • Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
  • Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
  • Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
  • What Security Leaders Need to Know About AI Governance for SaaS

Copyright © TheCyberSecurity.News, All Rights Reserved.