From: security curmudgeon (jerichoattrition.org)
Date: Wed Sep 01 2010 - 01:48:04 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>

http://www.delawareonline.com/article/20100831/NEWS02/8310324/State+retiree+data+breached

By J.L. MILLER
The News Journal
August 31, 2010

DOVER -- In a data breach that one security expert said could be worth
millions of dollars to scam artists, Aon Consulting, the state's benefits
consultant, inadvertently posted personal information of about 22,000
state retirees on the Web, potentially exposing them to identity theft for
the rest of their lives.

The information appeared on the state's procurement website from Aug. 16
to Aug. 20, and included the retirees' Social Security numbers, dates of
birth and gender. Their names were not included.

The company said it accidentally included the personal information in a
request for proposals it had prepared to solicit bids from insurance
companies interested in providing vision coverage to state employees and
retirees.

Insurers need age and other information on the pool of people to be
covered in order to prepare a bid, Aon Consulting spokesman Joe Micucci
said Monday. He said that is normally done by using a random series of
digits assigned to individuals to shield their identity, not their Social
Security numbers.

However, "the information that should have been randomized was not,"
Micucci said.

[...]
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]