Insurance startup leaks sensitive customer health data

A software startup that provides independent insurance brokers with customer management software has exposed highly sensitive information on thousands of insurance policy holders. A vast cache of data was stored on Amazon S3 storage bucket by AgentRun, a Chicago, Ill.-based company founded in 2012 by Andrew Lech, a former independent insurance broker.

The bucket stored thousands of files of broker clients using the company’s platform, including highly sensitive personal information like insurance policy documents, health and medical information, and some financial data. The bucket wasn’t protected with a password and was accessible by anyone. Andrew Lech, the company’s founder, admitted the breach in an email.

Read more about the unintentional leak of sensitive customer health data by AgentRun on ZDNet.

We view this type of vulnerability, the configuration error, to be one of the most serious. This is why configuration needs to be independently checked.

For independent assessments of your security posture contact us at Crucial Point LLC and ask about our CISO-as-a-Service offering.

Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief