Personal Information of 1.8 Million Texans Exposed
Confidential personal data of 1.8 million Texans was exposed and available to the public for almost three years. The data was from Texans who filed workers’ compensation claims with the Texas Department of Insurance.
That’s according to CNET. The information includes names, Social Security numbers, addresses, phone numbers and dates of birth. It was publicly available online from March 2019 until January 2022.
According to a state audit report, the issue was caused by programming code that allowed internet access to a protected area of the application.
“The department is offering 12 months of credit monitoring and identity protection services at no cost to those who may have been affected by the issue,” it said.
Neil Jones is director of cybersecurity evangelism at Egnyte.
“The recent data breach at the Texas Department of Insurance is especially concerning because workers’ compensation data inherently includes personally identifiable information (PII) and protected health information (PHI), which are potential treasure troves for cyberattackers,” he said. “Although there’s no current evidence that the breached information has been used maliciously, it is not uncommon for attackers to wait for just the right time to post their breached data to the dark web. There are several key lessons that can be learned from this incident. Organizations need to combine data security with effective application security testing and penetration testing programs. Stress testing needs to be conducted before an application’s brought live to end-users in a public setting. During these dynamic times, routine technological audits need to occur on a more frequent basis than they did before, to prevent vulnerabilities from being exploited.”
