Insurance companies are in the crosshairs of a new set of cyberattacks, prompting a cyber leader to ring alarm bells for Canadian insurers.
The vulnerability lies in the P&C industry wanting to make life easier for consumers, explained Matt Cullina, Sontiq’s head of global insurance business. Sontiq recently acquired CyberScout.
Many insurers these days are touting themselves as being able to provide an online quote in mere minutes. Hackers are taking advantage of this quicker service to steal consumer information.
Here’s how it works: Hackers input personal information, likely obtained through another data breach, into an insurance company’s quoting platform. The insurer then uses a third-party vendor to quickly populate the fields of a submission form with other information related to the consumer being impersonated. Such supplementary information might include a vehicle identification number (VIN), how many other licensed drivers are in the home, second addresses, and data of that nature.
The cyber criminals are intercepting that data being transferred from the vendor to the insurer.
“The hackers know that insurance companies want to get an exact quote quickly, so they’re willing to invest in buying data about us,” Cullina told Canadian Underwriter. “So when we do ask for the quote, it kicks back with a lot of information already filled out. They’re intercepting that additional data and harvesting it.”
So far, six insurers in the U.S. have reported such incidents in the last few weeks. “The biggest one we’ve seen so far is half a million [500,000] people exposed. These are significant events where [insurance companies are] looking to notify and provide assistance to people whose data was used in this hack,” Cullina said.
There are no confirmed reports yet of such an incident happening in Canada or elsewhere in the world, Cullina said in an interview.
“Once we started seeing the first couple…we just started notifying [all of our partners around the world] to look out for this,” he said. “And the initial feedback received is that this wasn’t really widely known. We were surprised at how little people knew about it.”
Cullina said his team crafted information materials for two Canadian clients so they could spread the word to their IT and regulatory teams, as well as to their vendor partners. “So they’re in investigation mode. I haven’t seen any actual breach events coming out of Canada as of yet.”
Still, Cullina advised all insurers to be vigilant. “I urge all insurers, regardless of where they sit, to investigate. If they are using these types of portals, which most are, or if they’re engaged in these online quoting platforms, they really need to be monitoring the activity on those platforms to see if there’s some suspicious behaviour.”
What constitutes “suspicious” behaviour?
One example would be spikes in quoting activity that are linked to an unusually high abandonment rate. “Basically, the hackers only go so far into the quoting process to get the additional information that they’re looking for, and then they just lose the quote,” as Cullina explained.
Another red flag would be someone going through the entire process of buying insurance and then not paying the bill. Under these circumstances, cybercriminals may be scooping up as much data as possible and then basically cancelling the purchase.
“So, any kind of weird activity like that, or abnormal activity compared to their average month, that’s the way to start to detect these issues,” Cullina said.
These attacks are not just targeting one kind of insurer or one type of platform. The six U.S. insurers that were hit “are very different companies,” Cullina said. “They do business very differently. So, our assumptions are that this is going to continue to be a widespread issue.”
And there’s no reason to think this type of attack will go away into the night. “I think it’s just generally a warning sign,” Cullina said. “We’ve seen this in different industries with hundreds of breaches and so we’ve seen trends like this start.”