Cyber Incident Victim: Central Licensing Bureau Inc.

On November 29, 2021, Central Licensing Bureau Inc. (CLB) detected a ransomware attack that disrupted portions of its computer systems and allowed unauthorized access to files containing consumer data. The company engaged a third-party cybersecurity forensic firm to secure its systems and investigate the incident. The investigation confirmed that an unauthorized actor obtained access to sensitive consumer information, including first and last names, addresses, dates of birth, Social Security numbers, and driver’s license numbers. CLB completed its review of the compromised files on June 10, 2022, determining the specific individuals impacted and the types of data exposed in each case. The breach notification process concluded on July 8, 2022, when CLB filed an official notice and mailed data breach letters to all affected parties. The compromised data varied by individual but consistently included personally identifiable information capable of facilitating identity theft or financial fraud. Founded in 1982, CLB provides licensing services to insurance companies, agents, and corporations nationwide, handling resident and non-resident licensing, renewals, corporate qualifications, and appointments. The company employs over 30 people and generates approximately $7 million in annual revenue through services that also include third-party administrator licensing and surplus lines management.

The ransomware attack against CLB occurred amid a broader surge in such incidents, with the Identity Theft Resource Center documenting 321 ransomware attacks in 2021 affecting over 41 million people—more than double the 158 attacks recorded in 2020. Modern ransomware tactics frequently involve hackers threatening to publish stolen data on the dark web unless ransoms are paid, increasing pressure on targeted organizations. While CLB did not disclose whether attackers exfiltrated data or issued publication threats, the exposure of Social Security numbers and driver’s license information created significant risks for identity theft and fraud. The company’s response followed a standardized breach protocol: containment through third-party cybersecurity assistance, forensic analysis to determine breach scope, a seven-month review to identify affected consumers, and notification 221 days after initial detection. No operational disruptions or system downtime beyond the initially disabled components were reported. The incident highlighted vulnerabilities in systems managing sensitive licensing data for insurance industry clients, though CLB did not specify whether the compromised files pertained to active clients, historical records, or both. Ransomware’s evolution from simple device encryption to complex data-extortion schemes has intensified consequences for entities handling high-value personal information like CLB.