Golden Rule Insurance Associates, LLC suffered a data breach due to a configuration error in Vertafore’s QQCatalyst system, exposing sensitive information over an extended period. The breach occurred between January 1, 2012, and December 31, 2020, affecting 5,659 individuals, including at least one Maine resident whose driver’s license number was potentially compromised. The unauthorized access was attributed to a misconfiguration, allowing external parties to gain entry to the data. The company responded by mailing notification letters on July 7, 2021, and offered identity theft protection services via Kroll to impacted individuals. While the breach did not involve financial data or large-scale identity theft, the prolonged exposure period and the nature of the compromised data (driver’s license numbers) pose risks of identity fraud or misuse. The incident highlights vulnerabilities in third-party vendor systems and the importance of robust access controls and periodic security audits.
TPRM report: https://www.rankiteo.com/company/the-insurance-pad
"id": "the958091725",
"linkid": "the-insurance-pad",
"type": "Breach",
"date": "1/2012",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 5659,
'industry': 'Insurance',
'name': 'Golden Rule Insurance Associates, LLC',
'type': 'Insurance Company'},
{'industry': 'Insurance Technology',
'name': 'Vertafore (QQCatalyst)',
'type': 'Third-Party Vendor'}],
'attack_vector': "Misconfiguration (Vertafore's QQCatalyst)",
'customer_advisories': 'Notification letters with offer of identity theft '
'protection services (Kroll)',
'data_breach': {'number_of_records_exposed': 5659,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (Personally Identifiable '
'Information)',
'type_of_data_compromised': ["Driver's License Number"]},
'date_publicly_disclosed': '2021-07-07',
'description': 'The Maine Office of the Attorney General reported that Golden '
'Rule Insurance Associates, LLC experienced a data breach '
'involving unauthorized access due to a configuration error '
"with Vertafore's QQCatalyst, affecting 5,659 individuals. The "
'breach occurred between January 1, 2012, and December 31, '
"2020, with one Maine resident's driver's license number "
'identified as potentially compromised. Notification letters '
'were mailed on July 7, 2021, and identity theft protection '
'services were offered through Kroll.',
'impact': {'data_compromised': ["Driver's License Number"],
'identity_theft_risk': 'High (Identity theft protection services '
'offered)',
'systems_affected': ["Vertafore's QQCatalyst"]},
'post_incident_analysis': {'root_causes': "Configuration error in Vertafore's "
'QQCatalyst'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Notification letters mailed to '
'affected individuals (July 7, 2021)',
'third_party_assistance': ['Kroll (Identity Theft Protection '
'Services)']},
'title': "Golden Rule Insurance Associates, LLC Data Breach via Vertafore's "
'QQCatalyst Configuration Error',
'type': 'Data Breach',
'vulnerability_exploited': 'Configuration Error'}