US insurance company USG has customer data leaked on forum

Cybernews recently discovered a 500GB database purportedly belonging to USG Insurance Services being leaked online for free on a popular Russian hacking forum. The cybercriminal leaking the data claims that it includes scans of sensitive documents containing such information as social security numbers and account balances.

The first part of the data was published on October 27, 2020, and the second part was made available November 4, 2020. It appears to be part of a failed post-breach negotiation, after the breached company opted to not pay the ransom.

The total leak is said to be 500GB in size, with a total of 5.25 million files.

Cybernews asked USG Insurance Services if they could confirm that the leak was theirs, and whether they have alerted their customers. However, they have not received any responses yet.

Because it is a broker, USG represents a variety of insurance carriers in all states. Based on the samples we saw from the leaked database, this matches up with USG’s description. A lot of the scanned documents are from various insurance companies.

Because the data was made freely available on a popular Russian hacking forum from the end of October, it’s reasonable to assume that a sizable portion of the forum had access to the data.

The question remains how many actually accessed it, and of that, how many are using that data for their cybercriminal activities.

Full article on https://cybernews.com/security/us-insurance-company-has-customer-data-leaked-on-forum/

#dataleak #USG #USA #mindyourdata #yokdata #blog