On Wednesday, two companies revealed alarming updates regarding significant data breaches, indicating that a vast number of individuals had their sensitive information compromised during incidents that transpired over the summer.
Allianz Life Insurance Company amended its regulatory filings to confirm that 1.49 million clients had their data accessed on July 16 due to a breach involving a cloud system. Hackers managed to obtain personal information related to Allianz Life customers, financial professionals, and certain employees.
The compromised data encompasses names, addresses, dates of birth, and Social Security numbers. Though the company issued breach notices in July, it did not specify the number of affected individuals until now.
Previously, the company stated that “a malicious threat actor gained access to a third-party CRM system,” although the identity of the third-party vendor remains undisclosed. The FBI was informed of the breach in July.
This incident at Allianz Life aligns with a broader series of attacks this summer attributed to the Scattered Spider cybercriminal group, which has been actively targeting the insurance sector. Other significant players in the industry, such as Aflac, Erie Insurance, and Philadelphia Insurance Companies, have also reported cyber incidents.
Motility Cyber Incident
In another development, software provider Motility informed customers of a security breach discovered on August 19. The company specializes in software solutions for recreational vehicle dealerships.
Motility confirmed it was the victim of a ransomware attack where hackers encrypted critical servers underpinning business operations. An internal investigation uncovered that the attackers had stolen personal data from 766,670 individuals prior to encrypting the organization’s systems. The stolen information ranges from names and addresses to Social Security and driver’s license numbers.
The Pear ransomware gang has since claimed responsibility for the attack, reportedly exfiltrating 4.3 TB of data from Reynolds & Reynolds, the parent company of Motility. This group emerged as a new threat in August and has been linked to assaults on multiple organizations and governmental entities.
Requests for comments from both Allianz Life and Motility regarding these breaches have not yet received a response.
Given the high consolidation in the market for vehicle dealership software, providers have increasingly become attractive targets for ransomware groups. A previous attack on software firm CDK Global had national repercussions, severely disrupting operations for thousands of dealerships for several weeks.
Recorded Future
Intelligence Cloud.
