BackNine, a California-based tech company, has announced that hundreds of thousands of insurance applications that included sensitive information have been compromised in a data breach incident. A cyberattack allegedly occurred after one of the BackNine cloud servers was left unprotected. The exposed data dates back to 2015.
One of BackNine’s storage servers, hosted on Amazon’s cloud, was misconfigured and reportedly allowed unauthorized access to over 700,000 files, which included the completed insurance applications from some of the nation’s largest insurance carriers, including the following:
- AIG
- TransAmerica
- John Hancock
- Lincoln Financial Group
- Prudential
BackNine builds software for bigger insurance carriers that sell and maintain life and disability insurance policies. The exposed data may include:
- Names
- addresses
- Phone numbers
- Social Security numbers
- Medical diagnoses & medications
- Questionnaires about an applicant’s health
- Lab and test results
- Driver’s license numbers