Ransomware Gang Has 6M Life and Annuity Client Records

Companies that write and reinsure your clients’ life insurance policies and annuity contracts say the Clop Ransomware Gang has stolen personal records for at least 6 million people, and that many of the stolen records include Social Security numbers.

The life and annuity issuers are caught up in a massive cyberattack that has affected hundreds of companies and government agencies throughout the world since late May. Affected life insurers and reinsurers use a file transfer system called MOVEit to exchange data with PBI Research Services. Since January, the Clop gang has been using a vulnerability in the file transfer system to install ransomware software on organizations’ computers.

Clop announced on June 7 in a blog post that it would begin publishing stolen client information if affected companies did not make ransom payments by June 14. The organization appears to be continuing to negotiate with some victims, but it has started posting some of the affected records on a site on the “dark web,” according to press reports.

The total number of affected life and annuity customers may be much smaller than the number of records affected. Some people may have had two or more life or annuity products included in the hacked data. A life insurer and a reinsurer also may have had separate affected records related to the same underlying product.

What It Means

Thieves, blackmailers and other foes who want to see your clients’ personal information and get into their retirement accounts, annuity accounts, life insurance accounts and other accounts may now find it cheaper and easier to accomplish those tasks.

Known Life, Health & Annuity Clop Victims

Here’s a look at some of the companies affected by the Clop attack and the number of policyholders and other customers who might have been involved, based on SEC filings and reports to the Maine attorney general’s office, which has an especially…