Personal Data Of Two Million Texans Left Exposed For Years

Uploaded on 2022-05-23 in NEWS-Cybersecurity News, GOVERNMENT-Local, FREE TO VIEW

The personal information of almost two million Texans has been exposed for almost three years because of faulty programming issue at the Texas Department of Insurance (TDI). The department says that details of 1.8 million workers who have filed compensation claims were publicly available online from March 2019 to January 2022. 

TDI has made this clear in a State Audit Report published recently that the exposed information included Social Security numbers, addresses, birth dates, telephone numbers and other information about workers. A forensics company worked alongside TDI to determine the scope of the incident. 

TDI has also issued letters to individuals who submitted new workers’ compensation claims between March 2019 and January of 2022, offering 12 months of credit monitoring and identity protection services.

The TDI said the investigation did not find any evidence workers’ personal information had been misused. “In January 2022, TDI began an investigation to determine the full nature and scope of the issue, which included working with a forensic company and working to find out whose information was or might have been viewed by people outside of TDI. “To date, we are not aware of any misuse of the information,” it stated. The department added that it is offering 12 months of credit monitoring and identity protection services at no cost to those who may have been affected.

The security incident was addressed in a state audit report that was published in May 2022. This means that from March 2019 to January 2022, personally identifiable information was exposed to anyone who knew how to find it for nearly three years.

The public notice confirmed that TDI became aware of the security issue on January 4, 2022 after discovering a flaw in the TDI web application that manages workers’ compensation information.  TDI is a state agency that oversees the insurance industry in Texans and ensures that companies are abiding by state regulations.

According to the audit, TDI immediately took the application offline when it realised the flaw. 

TDI Texas:        TDI Texas:      BigCountry:       Oodaloop:       Infosecurity Magazine:    YouTube:  

You Might Also Read: 

E-Commerce Site Exposed Children Worldwide:


 

« Conti Attack US Precision Engineering Business
Canada Bans China From Its 5G Networks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

SSLGURU

SSLGURU

SSLGURU bring all of the major SSL certificate vendors to one market place in order to create the world's largest SSL store with the most competitive prices.

CUIng.org

CUIng.org

The CUIng initiative was launched to tackle the problem of criminal exploitation of information hiding techniques.

Data Resolve Technologies

Data Resolve Technologies

Data Resolve offer a mechanism through which customers can detect and tackle various kinds of sensitive activities pertaining to data loss and data theft.

Pradeo

Pradeo

Pradeo Security offers a complete, automatic and seamless protection to mobile devices and applications, aligned with your organization security policy while preserving business agility.

SoftLock

SoftLock

Softlock is a regional leader in Information Security providing solutions, consulting, integration and testing services to protect information assets, identities and supporting infrastructure.

Cycura

Cycura

Cycura provide advanced, customized, and confidential cyber security services, cyber investigation services, and digital forensic services to governments, companies, and organizations.

Hexnode MDM

Hexnode MDM

Hexnode MDM is an award winning Enterprise Mobility Management vendor which helps businesses to secure and manage BYOD, COPE, apps and content.

Pryv

Pryv

Pryv is a Swissmade software for privacy, personal data collection, usage, sharing and storage.

R3

R3

R3 is an enterprise blockchain software firm working with a broad ecosystem of more than 300 participants across multiple industries to develop blockchain applications.

Threat Status

Threat Status

Threat Status are a Threat Intelligence company. We are the developers of Trillion. A cloud based Security As A Service (SaaS) platform.

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

World Informatix Cyber Security (WICS)

World Informatix Cyber Security (WICS)

World Informatix Cyber Security provides a range of cyber security services to protect valuable information assets to global business and governments.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

Systal Technology Solutions

Systal Technology Solutions

Systal is a global managed network and security service and transformation specialist. We help enterprise-level businesses maximise the security and business value of their complex IT infrastructure.

Increase Your Skills (IYS)

Increase Your Skills (IYS)

Armed and ready: raise awareness of cyberattacks in your company with the Full-Service Awareness Platform from IYS – fast and effective. We help you develop a robust, sustainable security strategy.

EyBrids

EyBrids

As a forward-thinking cybersecurity consulting firm, we believe that robust security is the foundation for innovation and growth in today’s digital landscape.