Insurance Data Breach Doubles: 1.6 Million People Now Exposed in Landmark Admin Cyberattack

Landmark Admin, a Texas-based insurance admin provider, has revealed that its recent cyberattack was worse than first reported—way worse. The company now says a staggering 1.6 million people had their sensitive information exposed, doubling its initial estimate from last fall.

It all started when Landmark detected suspicious activity in its network back on May 13, 2024. The original word was that about 806,000 individuals were caught up in the mess. But in a fresh update to the Maine Attorney General's office, Landmark admits the real tally is 1,613,773. For those keeping score at home, that's nearly everyone in Philadelphia plus a few suburbs.

Landmark’s role as a third-party administrator means it handles insurance records for major companies like Liberty Bankers Life and American Benefit Life. Translation: a goldmine of private data that hackers would love to get their hands on.

The exposed details run the gamut—names, addresses, Social Security numbers, tax IDs, driver's licenses, passport numbers, bank account info. For some, even medical records, birth dates, health insurance policy numbers, and life/annuity policy details are now potentially floating around the dark web. Basically, if you’ve ever dreamed of being the star of an identity theft drama, this is your chance. (Okay, not really. Please don’t.)

The company says its forensic investigation is still underway, and the headcount of affected folks could get even higher. Personalized notification letters are being sent out in phases, letting each person know exactly what got spilled. So if you haven't gotten mail from Landmark yet, keep an eye on your mailbox—or maybe start a support group with your neighbors.

Landmark is offering 12 months of free credit monitoring and identity theft protection to those impacted. They've also set up a dedicated helpline for the next 90 days, so people can ask questions or just vent about the joys of modern digital life. Recipients are being urged to keep a close watch on their credit, consider fraud alerts or freezes, and take steps to protect themselves.

For anyone caught up in the breach, here are a few solid moves:

• Consider identity theft protection services. These monitor your credit, Social Security number, and even the dark web for signs your info is being misused. If the worst happens, recovery specialists can help you dispute charges and restore your identity. Many services even cover up to $1 million in losses and legal fees.
• Keep tabs on your accounts and transactions. Since bank info was exposed, watch for any unauthorized activity in your bank and credit card accounts.
• Contact your bank and credit card companies. Let them know you may have been affected so they can help freeze or replace your cards and flag any suspicious activity.
• Try personal data removal services. These services work to scrub your info from various online databases, making it harder for scammers to find you. No one can erase everything, but it’s better than nothing.
• Install strong antivirus software. With names and email addresses leaked, phishing attempts are only a click away. Antivirus programs can help spot and block malware and scam emails.
• Enable two-factor authentication (2FA). Even though passwords weren’t exposed, adding 2FA to your accounts puts up an extra barrier for would-be hackers.

The worst part about breaches like this isn’t the headline—it's the slow, unglamorous fallout. As more victims and more details trickle out, it gets harder for anyone to keep up. Landmark’s drawn-out disclosures remind us that in the world of cyberattacks, bad news really does age like milk.