Personal Data Of Two Million Texans Left Exposed For Years

The personal information of almost two million Texans has been exposed for almost three years because of faulty programming issue at the Texas Department of Insurance (TDI). The department says that details of 1.8 million workers who have filed compensation claims were publicly available online from March 2019 to January 2022. 

TDI has made this clear in a State Audit Report published recently that the exposed information included Social Security numbers, addresses, birth dates, telephone numbers and other information about workers. A forensics company worked alongside TDI to determine the scope of the incident. 

TDI has also issued letters to individuals who submitted new workers’ compensation claims between March 2019 and January of 2022, offering 12 months of credit monitoring and identity protection services.

The TDI said the investigation did not find any evidence workers’ personal information had been misused. “In January 2022, TDI began an investigation to determine the full nature and scope of the issue, which included working with a forensic company and working to find out whose information was or might have been viewed by people outside of TDI. “To date, we are not aware of any misuse of the information,” it stated. The department added that it is offering 12 months of credit monitoring and identity protection services at no cost to those who may have been affected.

The security incident was addressed in a state audit report that was published in May 2022. This means that from March 2019 to January 2022, personally identifiable information was exposed to anyone who knew how to find it for nearly three years.

The public notice confirmed that TDI became aware of the security issue on January 4, 2022 after discovering a flaw in the TDI web application that manages workers’ compensation information.  TDI is a state agency that oversees the insurance industry in Texans and ensures that companies are abiding by state regulations.

According to the audit, TDI immediately took the application offline when it realised the flaw. 

TDI Texas:        TDI Texas:      BigCountry:       Oodaloop:       Infosecurity Magazine:    YouTube:  

You Might Also Read: 

E-Commerce Site Exposed Children Worldwide:


 

« Conti Attack US Precision Engineering Business
Canada Bans China From Its 5G Networks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Onapsis

Onapsis

Onapsis is a pioneer in cybersecurity and compliance solutions for cloud and on-premise ERP and business-critical applications.

Silicom Denmark

Silicom Denmark

Silicom Denmark is a premier developer and supplier of FPGA-based interface cards for cyber-security, telecommss, financial trading and other sectors.

Grimm Cyber

Grimm Cyber

GRIMM makes the world a more secure place by increasing the cyber resiliency of our client’s systems, networks, and products.

The Open Group

The Open Group

The Open Group: Leading the development of open, vendor-neutral IT standards and certifications.

Cryptshare

Cryptshare

Cryptshare is a communication solution that enables you to share e-mails and files of any size securely.

National Cybersecurity Preparedness Consortium (NCPC)

National Cybersecurity Preparedness Consortium (NCPC)

The mission of the NCPC is to provide research-based, cybersecurity-related training, exercises and technical assistance to local jurisdictions, counties, states and the private sector.

Austrian Institute of Technology (AIT)

Austrian Institute of Technology (AIT)

AIT is Austria's largest research and technology organisation and a specialist in the key infrastructure issues of the future including data science and cybersecurity.

EPIC Insurance Brokers & Consultants

EPIC Insurance Brokers & Consultants

EPIC is an insuarnce broker and consultancy firm. Risk management services include risk consultancy and cybersecurity insurance.

Hut Six Security

Hut Six Security

Train, test and track your Information Security culture through information security awareness training and customised phishing simulation campaigns.

Silicon Cloud International

Silicon Cloud International

Silicon Cloud is a high performance and secure cloud computing platform for engineering and scientific applications.

Keysight Technologies

Keysight Technologies

Keysight is dedicated to providing tomorrow’s test technologies today, enabling our customers to connect and secure the world with their innovations.

eCloudvalley Digital Technology

eCloudvalley Digital Technology

eCloudvalley Digital Technology is a born-in-the-cloud partner focused entirely on AWS services across APAC region.

risk3sixty

risk3sixty

Risk3sixty are information and cyber risk management craftsmen helping build business-first security and compliance programs.

Redcoat AI

Redcoat AI

Redcoat AI provide a comprehensive security platform that continuously evolves with the threats and opportunities presented by AI.

Sword Group

Sword Group

Sword is a leader in data insights, digital transformation and technology services with a substantial reputation in complex IT, business projects and mission critical operations.

ViroSafe

ViroSafe

ViroSafe is a leading value-added distributor of IT security solutions in Norway.