First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

Krebs on Security

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. based First American is a leading provider of title insurance and settlement services to the real estate and mortgage industries.

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The insurance firm is notifying the impacted customers, but it did not disclose the number of affected users.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Expanding Through M&A in the Insurance Industry

Perficient Data & Analytics

M&A is always on the table, as it can provide quicker access to more customers through geographic expansion, as well as new business lines and capabilities. Yet even as insurance companies lean on M&A for growth, every insurance company requires a more comprehensive program to achieve its growth targets. — To learn what else is driving growth, productivity, and efficiency, download our new guide: 2018 State of the Insurance Industry.

Arron Banks, the insurers and my strange data trail

The Guardian Data Protection

Carole Cadwalladr just wanted to insure her car. In fact, I had no idea about either the question or the answer when I submitted a “subject access request” to Eldon Insurance Services in December last year. And the subject access request – a legal mechanism I’d learned about from Paul-Olivier Dehaye, a Swiss mathematician and data expert – was a shot in the dark.

New Hampshire Governor Signs Insurance Data Security Law

Hunton Privacy

On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed in the state (“licensees”) to put in place data security programs and report cybersecurity events. In addition, each insurer domiciled in the state must submit an annual written statement by March 1 that certifies that the insurer is in compliance with the requirements set forth. Cyber Insurance Cybersecurity Information Security U.S.

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. By doing so, Michigan joins Ohio and South Carolina as the third state to adopt the Model Law and the fifth state – along with Connecticut and New York – to have enacted cybersecurity regulations focused on insurance companies. This means all insurers, agencies, and brokers doing business in Michigan are covered.

Attracting and Cultivating Customers in the Insurance Industry

Perficient Data & Analytics

In a digital and mobile era, insurance companies must cater to customers’ demands and expectations by providing fast and frequent communication, access to more digestible and transparent information, and, of course, convenience. — To learn what else is driving growth, productivity, and efficiency, download our new guide: 2018 State of the Insurance Industry.

Group-IB and CryptoIns introduce the world’s first insurance against cyber threats for cryptocurrency exchanges

Security Affairs

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Group-IB, an international company that specializes in preventing cyber attacks, and a Swiss insurance broker ASPIS SA that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges cybersecurity, allowing the exchanges’ clients to ensure their assets.

The Evolution of Health IT is Affecting How People Think of Benefits and Insurance


The healthcare industry has increased access to health services and patient data with advances in health IT. These advances are impacting insurance benefit offerings. News Amazon healthcare industry insurance benefit offeringsOne example is with recent Amazon Alexa updates where PHI can be communicated through Alexa in a HIPAA compliant way. Read more here.

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

So why hasn’t the corporate sector been more effective at locking down access for users? based supplier of identity access management (IAM) systems, which recently announced a partnership with Omada, a Copenhagen-based provider of identity governance administration (IGA) solutions. Here are takeaways from our fascinating discussion: Access pain points.

Access 145

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners. Separately, effective July 1, 2019, the law requires insurance companies licensed in South Carolina to develop and implement a comprehensive, written cybersecurity program.

Off-Site Storage for Insurance Companies

Armstrong Archives

Your insurance company has been collecting and storing consumer data for as long as it’s been in business. If you provide medical insurance, the documents you collect are high-value targets for criminals. When you need access, it’s easy to find the container you need.

Adventures in cyber litigation: Frozen crypto-assets and the role of cyber insurance

Data Protection Report

Given the level of interest in the case, we have prepared a deeper-dive into the facts and the implications of the decision, with a focus on the important role played in the case by cyber insurance. However, the involvement of the victim’s insurers has received less attention.

Hackers access healthcare, personal info from Toyota entity

Information Management Resources

Hackers accessed information systems at Toyota Industries North America, compromising personal and protected health information. Data breaches Cyber security Hacking Protected health information Insurance HIPAA regulations

How Cyber Essentials can help secure your access controls

IT Governance

This blog covers access controls. Deficient access controls result in security breaches. Any organisation whose employees connect to the Internet needs some level of access control in place. Secure your access controls. Reduce cyber insurance premiums.

Access to over 3,000 compromised sites sold on Russian black marketplace MagBo

Security Affairs

Security experts at Flashpoint discovered the availability of the access to over 3,000 compromised sites sold on Russian black marketplace MagBo. “Access to approximately 3,000 breached websites has been discovered for sale on a Russian-speaking underground marketplace called MagBo.

Access 111

Data of 75,000 at risk after breach of federal insurance exchanges

Information Management Resources

The Centers for Medicare and Medicaid Services is reporting unauthorized access to consumer data in systems that support federal insurance exchanges. Data breaches Cyber security Data security Federal health insurance exchanges

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. The entering into effect of multiple state laws in this area may present challenges for insurance providers operating in states where such cybersecurity requirements are provided for.

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Krebs on Security

Now the financial institution is suing its insurance provider for refusing to fully cover the losses. At the conclusion of the 2017 heist, the hackers used their access to delete evidence of fraudulent debits from customer accounts.

Hackers access patient data at Oklahoma State facility

Information Management Resources

Hacking Protected health information Data breaches Cyber security InsuranceInformation of 279,865 individuals may have been exposed during the November 2017 attack.

Auto claims leans into AI, automation

Information Management Resources

Farmers and other carriers are engaging and empowering their customers’ self-service lifestyle and thirst for real-time access to information. Claims Auto insurance Telematics Farmers Insurance

If a Data Breach Occurs and Nobody Accesses Customer Data, Does it Constitute “Publication”?

Hunton Privacy

As reported on the Hunton Insurance Recovery Blog , data breach claims involving customer data can present an ever-increasing risk for companies across all industries. A panel of the Fourth Circuit confirmed that general liability policies can afford coverage for cyber-related liabilities, and ruled that an insurer had to pay attorneys’ fees to defend the policyholder in class action litigation in Travelers Indemnity Company v.

Data analytics – how should insurers look to the future?


Data analytics – how should insurers look to the future? With a plethora of new data sources across the property and casualty (P&C) general insurance lifecycle now becoming available, how do insurers create an all-encompassing data analytics policy for the future?

China Insurance Regulatory Agency Promulgates New Rule Protecting Personal Data of Life Insurance Customers

Hunton Privacy

On November 4, 2013, the China Insurance Regulatory Commission, which is the Chinese regulatory and administrative authority for the insurance sector, issued the Interim Measures for the Management of the Authenticity of Information of Life Insurance Customers (the “Measures”). The Measures require life insurance companies and their agents to ensure the authenticity of personal data of life insurance policy holders.

Traditional Insurance Policies May Cover Cyber Risks

Hunton Privacy

Hunton & Williams Insurance Litigation & Counseling partner Lon Berk reports: Insurers often contend that traditional policies do not cover cyber risks, such as malware attacks and data breach events. Indeed, injecting malware generally requires physical access to a device, whether over a wireless or wired network or through actual contact, and a physical rearrangement of memory. Those polices may offer protection, even without a separate cyber insurance policy.

“An act of war”: Zurich American refuses to pay out on cyber insurance policy following NotPetya attack

IT Governance

US food giant Mondelez is suing insurance company Zurich American for denying a $100 million (£76 million) claim filed after the NotPetya attack. In that regard, it was a job well done, with one report estimating that insurers could expect to pay out more than $80 billion (£61 billion) as a result of the attack. However, the insurer soon changed its mind, claiming an exclusion for “hostile and warlike action in time of peace and war [by] a government or sovereign power”.

New Payment Technologies Should Reduce Demand for Cyber Insurance

Hunton Privacy

Hunton & Williams Insurance Litigation & Counseling partner Lon Berk reports: As the demand for cyber insurance has skyrocketed, so too has the cost. New payment technologies, however, will change the need for this type of cyber insurance. the need for cyber insurance protecting retailers against point-of-sale malware should sharply drop. Cyber Insurance Cybersecurity Payment Card

Sales 40

Telstra warns public trust will crumble unless access to data is limited

The Guardian Data Protection

Telco says diverse agencies accessing data through legal loophole need to follow the same process as law enforcement bodies Telstra has warned that public trust in the security of their data will be eroded if government agencies continue to be allowed access to it without appropriate authorisation.

State Farm Investigates Credential-Stuffing Attack

Data Breach Today

Not Yet Clear How Many Customers May Have Been Affected Insurer State Farm has been hit by a credential-stuffing attack designed to gain access to U.S.

TORA Trading is bullish on data analytics and reporting solution from OpenText

OpenText Information Management

This bit of wisdom still applies to companies today, but many organizations struggle to access and leverage the valuable knowledge in their business data. Technologies AI & Analytics OEM Banking & Insurance

Digital Transformation in UK General Insurance: Where do MGAs fit in?


Digital Transformation in UK General Insurance: Where do MGAs fit in? According to the latest ABI data 48% of motor insurance premiums and 76% of home insurance premiums are purchased via intermediaries (excluding aggregator web sites).

Maryland Court Finds Coverage for Lost Data and Slow Computers After Ransomware Attack

Hunton Privacy

As previously posted on our Hunton Insurance Recovery blog , a Maryland federal court awarded summary judgment to policyholder National Ink in National Ink and Stitch, LLC v. State Auto Property and Casualty Insurance Company , finding coverage for a cyber attack under a non-cyber insurance policy after the insured’s server and networked computer system were damaged as a result of a ransomware attack.

Nationwide partners with Verisk Analytics on insurance fraud

Information Management Resources

Vendor’s technology searches for indicators as first notice of loss information comes in, giving users access to a business intelligence dashboard. Fraud prevention Claims Fraud losses Fraud detection Business intelligence Nationwide Verisk Analytics

State Farm Reports Credential-Stuffing Attack

Dark Reading

The insurer has informed customers a third party used a list of user IDs and passwords to attempt access into online accounts

Four Use Cases Proving the Benefits of Metadata-Driven Automation


The banking, financial services and insurance industry typically deals with higher data velocity and tighter regulations than most. Metadata-Driven Automation in the Insurance Industry.

Keeping Up with New Data Protection Regulations


Due to these pre-existing regulations, organizations operating within these sectors, as well as insurance, had some of the GDPR compliance bases covered in advance.

Connecticut Insurance Department Issues Five-Day Breach Reporting Requirement

Hunton Privacy

On August 18, 2010, the Connecticut Insurance Department (the “Department”) issued Bulletin IC-25 , which requires entities subject to its jurisdiction to notify the Department in writing of any “information security incident” within five calendar days after an incident is identified. State Law Connecticut Consumer Protection Credit Monitoring Insurance Provider

The Tragedy of the Data Commons

John Battelle's Searchblog

No, this post is about the business of health insurance. Last week ProPublica published a story titled Health Insurers Are Vacuuming Up Details About You — And It Could Raise Your Rates. So what does this have to do with healthcare, data, and the insurance industry?

Bankers Life Hack Affects More Than 566,000

Data Breach Today

Company Says Medicare Supplemental Plan Policyholders Among Those Impacted Bankers Life is notifying more than 566,000 individuals, including Medicare supplemental insurance policyholders, that their personal information was exposed in a hacking incident.

Regulatory Update: NAIC Fall 2019 National Meeting

Data Matters

The National Association of Insurance Commissioners (the NAIC) held its Fall 2019 National Meeting (Fall Meeting) in Austin, Texas, from December 7 to 10, 2019. The Annuity Suitability (A) Working Group and the Life Insurance and Annuities (A) Committee are expected to meet before the end of 2019 to finalize the proposed revisions in their entirety. Term and Universal Life Insurance Reserve Financing Model Regulation and 2016 Revisions to the CFR Model Laws.