The Washington State Office of the Attorney General disclosed a data breach affecting Insurance Technologies Corporation (ITC) on April 29, 2021, stemming from an incident on February 27, 2021. Unauthorized actors gained access to the AgencyMatrix application, a platform used by ITC, compromising the personal information of 3,925 Washington residents. The exposed data included highly sensitive details such as names, Social Security numbers (SSNs), and driver’s license numbers information frequently exploited in identity theft, financial fraud, and phishing schemes.The breach posed significant risks to the affected individuals, as SSNs and driver’s license numbers are critical identifiers for financial and governmental transactions. While the exact method of unauthorized access was not detailed, the exposure of such data typically results in long-term vulnerabilities for victims, including potential credit damage, unauthorized account openings, and targeted scams. ITC, as the custodian of this data, faced reputational harm and potential regulatory scrutiny under data protection laws, particularly given the scale and sensitivity of the compromised records. The incident underscored vulnerabilities in third-party application security, raising concerns about the adequacy of access controls and monitoring within ITC’s digital infrastructure.
TPRM report: https://www.rankiteo.com/company/insurance-technologies
"id": "ins730082025",
"linkid": "insurance-technologies",
"type": "Breach",
"date": "2/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '3,925',
'industry': 'Insurance Technology',
'location': 'Washington, USA (residents affected)',
'name': 'Insurance Technologies Corporation (ITC)',
'type': 'Corporation'},
{'industry': 'Legal/Regulatory',
'location': 'Washington, USA',
'name': 'Washington State Office of the Attorney '
'General',
'type': 'Government Agency'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access)',
'number_of_records_exposed': '3,925',
'personally_identifiable_information': ['names',
'Social Security '
'numbers',
"driver's license "
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2021-02-27',
'date_publicly_disclosed': '2021-04-29',
'description': 'The Washington State Office of the Attorney General reported '
'a data breach involving Insurance Technologies Corporation '
'(ITC) on April 29, 2021. The breach occurred on February 27, '
'2021, due to unauthorized access to the AgencyMatrix '
'application, potentially affecting 3,925 Washington '
"residents' personal information including names, Social "
"Security numbers, and driver's license numbers.",
'impact': {'data_compromised': ['names',
'Social Security numbers',
"driver's license numbers"],
'identity_theft_risk': 'High (PII exposed)',
'systems_affected': ['AgencyMatrix application']},
'initial_access_broker': {'entry_point': 'AgencyMatrix application',
'high_value_targets': ['PII of Washington '
'residents']},
'references': [{'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Washington State '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via Washington '
'State Office of the Attorney General'},
'title': 'Data Breach at Insurance Technologies Corporation (ITC) Affecting '
'Washington Residents',
'type': 'Data Breach'}