Personal Data Of Two Million Texans Left Exposed For Years

Uploaded on 2022-05-23 in NEWS-Cybersecurity News, GOVERNMENT-Local, FREE TO VIEW

The personal information of almost two million Texans has been exposed for almost three years because of faulty programming issue at the Texas Department of Insurance (TDI). The department says that details of 1.8 million workers who have filed compensation claims were publicly available online from March 2019 to January 2022. 

TDI has made this clear in a State Audit Report published recently that the exposed information included Social Security numbers, addresses, birth dates, telephone numbers and other information about workers. A forensics company worked alongside TDI to determine the scope of the incident. 

TDI has also issued letters to individuals who submitted new workers’ compensation claims between March 2019 and January of 2022, offering 12 months of credit monitoring and identity protection services.

The TDI said the investigation did not find any evidence workers’ personal information had been misused. “In January 2022, TDI began an investigation to determine the full nature and scope of the issue, which included working with a forensic company and working to find out whose information was or might have been viewed by people outside of TDI. “To date, we are not aware of any misuse of the information,” it stated. The department added that it is offering 12 months of credit monitoring and identity protection services at no cost to those who may have been affected.

The security incident was addressed in a state audit report that was published in May 2022. This means that from March 2019 to January 2022, personally identifiable information was exposed to anyone who knew how to find it for nearly three years.

The public notice confirmed that TDI became aware of the security issue on January 4, 2022 after discovering a flaw in the TDI web application that manages workers’ compensation information.  TDI is a state agency that oversees the insurance industry in Texans and ensures that companies are abiding by state regulations.

According to the audit, TDI immediately took the application offline when it realised the flaw. 

TDI Texas:        TDI Texas:      BigCountry:       Oodaloop:       Infosecurity Magazine:    YouTube:  

You Might Also Read: 

E-Commerce Site Exposed Children Worldwide:


 

« Conti Attack US Precision Engineering Business
Canada Bans China From Its 5G Networks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Pondurance

Pondurance

Pondurance is an IT Security and Compliance company providing services in Cyber Security, Continuity, Compliance and Threat Management.

HorizonIQ

HorizonIQ

HorizonIQ (formerly Internap Corp / INAP) maximizes efficiency and innovation with flexible infrastructure solutions.

Solidified

Solidified

Solidified is the largest audit platform for smart contracts. Our community has the highest concentration of top Blockchain security specialists and best-in-class code auditors.

ShorePoint

ShorePoint

ShorePoint is an elite cybersecurity firm dedicated to improving the cyber resilience of Federal agencies and their missions.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Russell Reynolds Associates

Russell Reynolds Associates

Russell Reynolds Associates is a global leadership advisory and search firm with functional expertise in Digital Leadership, Data & Analytics, and Compliance.

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Prodera Group

Prodera Group

Prodera Group is a specialist technology consulting partner trusted to help navigate the complex and dynamic lifecycle of change and transformation.

Microland

Microland

Microland’s delivery of digital is all about making technology do more and intrude less for global enterprises. Our services include Cloud & Data Center, Networks, Cybersecurity and more.

Kintent

Kintent

With Kintent, compliance becomes a habit, is simple to understand and achieve, and is continuously testable so that your customers can see that you are adhering to all your trust obligations.

Pentesec

Pentesec

Pentesec is a security specialist offering professional services, managed security services and expertise within an extensive range of security technologies.

Enea

Enea

Enea is one of the world’s leading specialists in software for telecommunications and cybersecurity. Our products are used to enable services for mobile subscribers, enterprise customers and IoT.

ThreatFabric

ThreatFabric

ThreatFabric integrates industry-leading threat intel, behavioral analytics, advanced device fingerprinting and over 10.000 adaptive fraud indicators.

Liquis Inc.

Liquis Inc.

Liquis, founded in 2002, is one of the largest facility decommissioning services companies in the U.S.

EPIQ Infotech

EPIQ Infotech

EPIQ Infotech is a trusted consulting and implementation partner for Oracle JD Edwards and Amazon Web Services (AWS).

Prowler

Prowler

Prowler is at the forefront of the Open Cloud Security movement, championing a new era of transparency, customizability, and community-driven security for cloud environments.