The California Office of the Attorney General disclosed a data breach at Ameritas Life Insurance Corp. in July 2019, stemming from a phishing campaign that compromised employee email inboxes between May 1 and June 4, 2019. The attack exposed sensitive personal information, including names, Social Security numbers, and policy numbers of affected individuals. The breach occurred due to unauthorized access to corporate email accounts, likely exploited through deceptive phishing tactics targeting employees. While the exact number of impacted individuals was not specified in the report, the exposure of Social Security numbers a high-value target for identity theft and fraud elevates the severity of the incident. The company was required to notify regulatory authorities and affected parties, emphasizing the risks of financial fraud, identity misuse, and reputational harm stemming from the unauthorized access to confidential data. The incident underscores vulnerabilities in employee cybersecurity awareness and the persistent threat of phishing as an entry vector for data breaches in the insurance sector.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-148741
TPRM report: https://www.rankiteo.com/company/ameritas
"id": "ame035091825",
"linkid": "ameritas",
"type": "Breach",
"date": "5/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Insurance',
'location': 'United States (California)',
'name': 'Ameritas Life Insurance Corp.',
'type': 'Corporation'}],
'attack_vector': 'Phishing',
'data_breach': {'data_exfiltration': 'Potential (email inboxes compromised)',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information', 'PII']},
'date_detected': '2019-06-04',
'date_publicly_disclosed': '2019-07-08',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Ameritas Life Insurance Corp. on July 8, '
'2019. The breach occurred between May 1, 2019, and June 4, '
'2019, due to a phishing campaign that compromised email '
'inboxes, potentially affecting personal information such as '
'names, Social Security numbers, and policy numbers.',
'impact': {'data_compromised': ['Names',
'Social Security Numbers',
'Policy Numbers'],
'identity_theft_risk': 'High (PII exposed)',
'systems_affected': ['Email Inboxes']},
'initial_access_broker': {'entry_point': 'Phishing Email',
'high_value_targets': ['Email Inboxes']},
'post_incident_analysis': {'root_causes': ['Successful phishing attack '
'leading to email compromise']},
'references': [{'date_accessed': '2019-07-08',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential California '
'Consumer Privacy Act '
'(CCPA) or other state '
'data breach laws'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Data Breach at Ameritas Life Insurance Corp. via Phishing Campaign',
'type': 'Data Breach',
'vulnerability_exploited': 'Human (Email Compromise)'}