Double Indemnity: How An Insurer Exposed Its Customers

The Maryland Joint Insurance Association (JIA) left a significant amount of personally identifiable information (PII) exposed on a public IP address, accessed via an open port. The data included customer names, address, birth dates, phone numbers, social security numbers, bank account numbers and insurance policy numbers. Admin credentials to the company’s systems were also exposed in the same event. The exposure was found during a regular check by the UpGuard Cyber Risk Team.