Ameritas Life Insurance Corp.

On March 22, 2012, Ameritas Life Insurance Corp. suffered a data breach when an employee’s laptop was stolen from a vehicle. The incident exposed sensitive personal information of unidentified individuals, including names, addresses, Social Security numbers, and dates of birth. The breach was not immediately detected and was only reported to the California Office of the Attorney General on August 3, 2012 nearly five months later. The stolen device contained unencrypted data, heightening the risk of identity theft, financial fraud, or other malicious use of the compromised information. While the exact number of affected individuals remains undisclosed, the exposure of such highly sensitive details poses significant long-term risks to those impacted, including potential credit damage, phishing attacks, or unauthorized account access. The delay in reporting further exacerbated concerns about the company’s data protection protocols and incident response capabilities.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-32411

TPRM report: https://www.rankiteo.com/company/ameritas

"id": "ame020091825",
"linkid": "ameritas",
"type": "Breach",
"date": "3/2012",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': 'Unknown',
                        'industry': 'Insurance',
                        'location': 'United States (California)',
                        'name': 'Ameritas Life Insurance Corp.',
                        'type': 'Corporation'}],
 'attack_vector': 'Theft of Physical Device (Laptop)',
 'data_breach': {'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Social Security '
                                                         'Numbers',
                                                         'Dates of Birth'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_detected': '2012-03-22',
 'date_publicly_disclosed': '2012-08-03',
 'description': 'The California Office of the Attorney General reported that '
                'Ameritas Life Insurance Corp. experienced a data breach on '
                "March 22, 2012, when an employee's laptop was stolen from a "
                'car, potentially exposing sensitive personal information of '
                'unknown individuals, including names, addresses, Social '
                'Security numbers, and dates of birth.',
 'impact': {'data_compromised': ['Names',
                                 'Addresses',
                                 'Social Security Numbers',
                                 'Dates of Birth'],
            'identity_theft_risk': 'High (PII exposed)',
            'systems_affected': ['Employee Laptop']},
 'post_incident_analysis': {'root_causes': 'Theft of unsecured laptop '
                                           'containing sensitive data'},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to California '
                                                       'Office of the Attorney '
                                                       'General'},
 'response': {'communication_strategy': 'Public disclosure via California '
                                        'Office of the Attorney General'},
 'title': 'Ameritas Life Insurance Corp. Data Breach (2012)',
 'type': 'Data Breach (Physical Theft)'}