The personal data of nearly two million Texans was uncovered for approximately three a long time due to a programming issue at the Texas Department of Insurance (TDI).
The division uncovered that information of 1.8 million staff who have submitted compensation statements were publicly accessible on the web from March 2019 to January 2022 in a state audit report published last week. This included Social Security quantities, addresses, dates of beginning, phone numbers and info about workers’ injuries.
In a public notice on March 24, the TDI stated it to start with became knowledgeable of a security issue with a TDI web software that manages workers’ payment information on January 4 2022. This issue enabled users of the community to entry a shielded component of the on the net software.
The TDI, a condition agency that oversees the insurance plan marketplace in Texas and enforces condition restrictions, instantly took the application offline, quickly set the issue and started an investigation into the mother nature and scope of the function with a forensics corporation. It then issued letters to individuals who submitted a new workers’ compensation claim among March 2019 and January 2022 to notify them they could
The recently posted point out audit exposed 1.8 million employees have been impacted by the leak.
In an updated press release published on Tuesday Could 17, TDI claimed the investigation did not come across any evidence workers’ personal information had been misused. “In January 2022, TDI started an investigation to figure out the complete character and scope of the issue, which bundled functioning with a forensic corporation and doing work to come across out whose data was or may well have been seen by people outdoors of TDI. To day, we are not informed of any misuse of the information,” it said.
The department additional that it is supplying 12 months of credit score checking and identity defense services at no value to people who could have been influenced.
Commenting on the tale, Neil Jones, director of cybersecurity evangelism, Egnyte, warned: “The modern facts breach at the TDI is primarily regarding mainly because worker’s compensation info inherently includes PII (Personally Identifiable Info) and PHI (Safeguarded Health and fitness Details), which are potential treasure troves for cyber-attackers. Despite the fact that there is no present proof that the breached information and facts has been made use of maliciously, it is not unusual for attackers to wait around for just the right time to write-up their breached knowledge to the Dark Web.”
Very last yr, lawmakers in Texas passed a bill requiring notices to be released on line of any knowledge breaches involving the own facts of 250 or far more Lone Star State citizens.
Some areas of this posting are sourced from: