Third-party administrator of insurance products Bay Bridge Administrators (BBA) https://www.bbadmin.com is informing roughly 250,000 individuals that their personal information might have been compromised in a September 2022 data breach. Bay Bridge Administrators is a full- service, nationally-recognized, third party administrator of fully-insured employee benefit plans. Representing top-rated insurance companies, Bay Bridge fills a niche market in the insurance industry by entering into agreements with companies to provide administrative services including: enrollment, underwriting, policy issue, billing and collection of premiums, customer service, and claims adjudication.
On 10 January 2023, the Austin, Texas-based administrator of employee benefit plans announced that, on 5 September 2022, it fell victim to a cyberattack that caused a network disruption. A subsequent investigation revealed that, around 15 August 2022, a threat actor gained unauthorized access to the Bay Bridge Administrators network and used that access to exfiltrate certain data on 03 September 2022.[1]
On 5 December 2022, the firm determined that both personally identifiable information (PII) and protected health information (PHI) was exposed during the attack, and started identifying the impacted individuals. On 29 December 2022, the company started notifying the impacted individuals of the incident.
The compromised information includes names, addresses, birth dates, Social Security numbers, ID and driver’s license numbers, and medical and health insurance information. “The personal and protected health information involved was shared with BBA either by the individual, the individual's employer, and/or the individual's insurance carrier(s), in connection with enrollment in an employment insurance benefit plan for calendar year 2022,” the company says.
BBA says it is not aware of any of the compromised data being misused, but it is not uncommon for stolen personal information to be traded on hacker marketplaces before being used for nefarious purposes.
See: https://redskyalliance.org/xindustry/california-voters-approve-consumer-privacy-laws-and-penalties
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.securityweek.com/251k-impacted-data-breach-insurance-firm-bay-bridge-administrators
Comments