Can\’t these bozos keep their stuff secure? I am rapidly losing faith in our systems to protect sensitive info. They say it\’s locked up. password protected: Bunk!!!
I got my notification in the mail today that my data was stolen from AIG. Lame letter. No appologies. No attempt at atonement. Just a matter of fact letter that essentially says \”you are screwed\”.
I\’m annoyed that I didn\’t even do business with this bunch of clowns but they had my data anyway.
Why was my info shared with these incompetent idiots anyway? I never signed anything authorizing such indiscretion on the part of my insurance provider…I blame THEM as much as Medical Excess. My state Atty. General will hear about both providers. I agree that a class action lawsuit should be in order. I have been very ill and stressed as a result, and now I have this nightmare to contend with!
All – I work for A**** & have coverage under aetna. Same, see. About this time in March we were told of a computer theft w/ PHI (protected health info) & since then the entire computer system has been \’encrypted\’ across all offices. What medical/dental/401 K policies do you all have??
I am afraid to divulge anymore info…who knows what else might happen??? I will say this, Ann, my insurance provider differs from the one you have. Sorry, but I am a little paranoid at this point!
I work with computers everyday. Unless the computer this information was stored on is designed to self destruct the files (say after 5 attempts at a password entry) this information will sit on the laptop just waiting for an unemployed, unbathed, hacker (who still lives with his mother) to come along. If this information was stored on a laptop one wonders why it could not have been kept on a hard drive (in a VERY secure room), and LOCKED UP (in a VAULT) when not in use. We have never sued anyone before, but now?…. Can you say \”class action lawsuit?\”
Really, I understand the level of anxiety, as you can clearly see mine by not spelling out where i work, as I am in a higher level position! Where this theft took place! Where employees/covered individuals were not notified until today!
I am going to visit our interal website to see if this has been posted – I am not quite sure what role AIG plays in our company, but I believe it is medical. And brokers are the monitarily motivated lot that push coverage on plan sponsors – employers. I just want to know EXACTLY what these folks potenitally have. My medical, dental or 401 K history. I did notify Equifax & will consult an attorney, despite the \’no arbitration\’ agreement we signed when hired!
I too have been informed today about this theft….in a letter that looked like junk mail but I opened it on a whim. What kind of notification is THAT? Not to mention, I can\’t figure out if this was through my employment or my husband\’s…I don\’t know where to start. I have written my Congressman, checked my Credit Report, notified my credit cards, banks, etc. Now what??? Sit and wait? I am feeling pretty vulnerable right now. I first have to find out which insurance…I am thinking it is through my own employer, since hubby didn\’t get a notification. Or maybe he just didn\’t get one YET…
My husband\’s company is self-insured, and it seems that they change plan administrators once or twice a year. I have been routed to Moline, Peoria and now Minnesota when I have questions about a bill. In addition, every time his employer changes TPA\’s, we have to divulge details of accidents, etc., all over again.
So not only is the confidentiality of our information compromised by the structure of these TPA\’s and companies like Medical Excess, but that information keeps getting shifted around from company to company. It makes me wonder whether our information will not only be used for identity theft, but also somehow sold for commercial purposes — or, just to stretch it a bit further, it wouldn\’t surprise me one bit if Medical Excess might be a bit player in government efforts to grab every bit of data about everyone from anyplace. Read Jonathan Turley\’s column in Saturday\’s L.A. Times – here\’s the link: http://www.latimes.com/news/printedition/opinion/la-oe-turley24jun24,1,3332362.story
Who knows where our info is going to end up?
Regardless, this whole episode just shows how poorly Medical Excess treats its clients – where\’s the accountability?
OK – what was at risk is in \’a few cases\’ medical info & SS #s. Brokers used our SS #s in place of another # that typically does not identify the person – IE insurance card may have a BBH334KL as an ID to prevent theft. So the brokers were seeking quotes from AIG, & one of AIG\’s employee benefit products is this thing called \’Medical Excess,\’ which is listed at the top of my letter. Essentially, medical excess is \’coverage for employees who need insurance beyond the limits allowed by most plans.\’ In my case, I have 2 dental plans & have had many dental issues. This is considered the \’catastrophic medical risk management business.\’ So perhaps some of us are using the medical benefits we PAY FOR.
both my employer and my husband\’s are self-funded & his also changed administrators in the last year….now both employers use the same administrator. Here\’s another interesting article I found regarding what identity thieves do with health records: http://www.informationweek.com/news/showArticle.jhtml?articleID=189500020
AARGH…just spoke with a co-worker & she also got the letter…think it\’s my employer then. So…what can be done? Anything?
Irate,
The insurance I carry through my employer was dental as well. However, now that I think about it, I may have maxed out our family benefit for the 2005 year, but I found it not to be a bargain so I dropped it at the end of 2005. I don\’t have any other insurance through my own employer (on husband\’s plan), so I find the whole thing to be kind of bizarre. Unless I\’m still in somebody\’s database when I shouldn\’t be. I suppose if a group is shopping around, they will use information from a prior year. I\’m still really ticked about this!
OK, so I just got the infamous letter. I won\’t waste time with my feelings about this experience (they\’re undoubtably the same as yours.) The question is, what can we– all 930.000 of us– do to organize and gain some kind of voice in all this, rather than simply being the victims? I have to admit being skeptical of class-actions (for a variety of reasons)… but I do want to see some accountability from those responsible (AIG, not just anonymous thieves), a restoration of my sense of privacy and security, and hopefully protection for other consumer\’s rights so they don\’t also have to go through this. Are there any organizations that can assist us? What can WE do?
The more I read about this the more miffed i get that some broker has my ID, my medical/dental history, & considers my past treatments as \’high risk,\’ meaning, \’I might cost the company a ton of money.\’ Claim & cost reduction \’to help maximize medical $$$ spent & at the same time preserve or enhance clinical outcomes.\’ Oddly, they list things like renal disease, organ transplant, hemophillia, multiple medical conditions as the high costs they are trying to contain! I have a dental implant & root canals & freq cleanings. Guess i am just too expensive!
the thing is, our confidentiality, our privacy, has been violated by brokers trying to save money. Our HIPPA rights are violated. I may check out a HIPPA website. SS # should NEVER EVER be used & other \’dummy\’ numbers are what we in insurance companies use. So the brokers, thier employers, those who are not named in the articiles, they are accountable. If they are in the business of buying/selling cheap medical coverage for high utilizers, then they should use protected ID\’s. I will read thru some of my HIPPA materials but this medical data they collect is PROTECT HEALTH INFORMATION – PHI. Our true identities should not be resting on a laptop.
Can\’t begin to tell you how much we are lectured to and tested over our knowledge of HIPAA in my workplace. Employees at the healthcare institution in which I am employed are fired in a heartbeat for violating anything regarding HIPAA! Individuals are hired to simply track on-line activity of employees to make sure they aren\’t looking at any patient information unrelated to their need to do their jobs. I am going to contact the HIPAA compliance officer at our institution regarding this gross violation of my medical records, not to mention the theft of valuable personal information!
I agree with Kay. The envelope in which the rather important letter was sent just appears to be another piece of junk mail. I opened it just to make sure it didn\’t contain something I might need to shred (to protect my identity)…so much for that precaution! I retrieved the envelope from my trash can just in case it might be useful in a court case someday!
If the area was password-protected, then whoever took the server knew a lot about what they were doing. Checking the contents of the server would be child\’s play for them.
I too am angered that I did not do business with AIG directly, nor was I given any information to the effect that AIG would have access to my records. Clearly the people at my agency gave AIG the data without first validating AIG\’s security. I intend to find out which of my insurance companies brokered my information and find out why they did such an irresponsible thing.
CONGRESS, it is time to make companies liable for these types of crimes. If you (AIG) want to store my personal information, you should take full responsibility to protect it. It is a minimal investment to encrypt sensitive information that is being stored in a company’s database system. When a company becomes liable for personal information, they will then take the necessary actions to secure it. Make them held accountable for storage of our personal information via laws, it is only then will they take this seriously.
I am appalled by Medical Excess LLC and by AIG and their lack of leadership and I am in contact with my congressman. I suggest we all do the same. This will continue to occur until companies are held accountable for their decisions and actions with storing our sensitive information. Shame on your companies CTO, the person should be fired for lack of direction and leadership.
I am in contact with my congressman to make him aware of this company’s lack of responsibility.
We just received the same letter today from Medical Excess.
Three months? Why did it take nearly 3 months to notify us about a theft that occurred March 31st? Today is June 26th.
Was the original plan by Medical Excess (perhaps they should rename themselves Medical Carelessness) to bury this crime until someone reported an identity theft?
Do we have any recourse?
Perhaps people need to contact the Attorney General, and their state and federal representatives. Perhaps someone should file a class-action lawsuit – if it\’s viable. I\’m uncomfortable with the amount of private medical information these corporations have on us. They\’re very intrusive whenever you have the misfortune to file a claim, yet protecting all this sensitive medical information and social security numbers seems unimportant to them.
I am appalled at how little regard they have shown for our privacy and to protect our information.
Plus, we were advised to be on the lookout for suspicious activity on our credit cards for the next two years – yet Medical Excess is only offering to make amends if we experience identity theft in the next 12 months – no word on what happens beyond that.
These irresponsible corporations need to be held liable – but the do-nothing Congress will live up to their reputation because the insurance industry\’s campaign cash is too hard to resist.
I called them several times and got a lady that told me that our insurance company gave these idiots our information….i contacted my insurance company and they told me that they don\’t deal with these morons….then i called the idiots back and they said that my employer contacted them when we got a new contract, they were supposedly shopping around for different prices…
Has anyone talked with an attorney about this? I am not sure that class action is going to benefit any of us. Seems like most class action suits I hear about end up with the lawyers getting a bunch of money. So I have mixed feelings about that. Plus, the impact to insurance premiums is that we all just pay more for health care. It\’s a wicked cycle. I\’d rather end up with guarantees that Medical Excess will resolve and compensate for any violations that occur as a result of their security failures.
I think it is true that it is rare class action suits do much for the individual. However, I take pleasure in knowing that the company will be punished for their actions; regardless of how much I would get personally.
What would have to happen is that the financial burden of the punishment would be so severe that the company closes. Otherwise, you are right, they will just raise their rates and make the money back in higher premiums.
I received this letter yesterday. EVERYONE who received this letter needs to take action immediately. The exposure of personal and confidential information is a serious issue! The mode of communication received was entirely insensitive and evasive……what regional office, where is the case registered….needless to say we were notified 3 months late. The fraud alert may help but it will definitely delay further credit especially if a large amount like a mortgage is needed…not to mention an illegal may get ahold of your identity and you spend the remainder of your life trying to straighten this mess out…isn\’t there some lawyer out there that has received this letter like us and can give some insight into recourse action. HELP
The vets got $1,000 each for their data theft in the recent VA case, plus $10,000 to $20,000 if they suffer identity theft as a result. Sounds good to me, why is AIG not mailing us our checks yet? Their stupid letter is NOT compensation. They say \”go to FTC website\” and read up on data theft. HUH? And \”go to anuualcreditreport.com\” and get a free credit report, which anybody can get. HUH? That\’s it??????? BULL!
Ironically, our family data was compromised and we are not even health care customers of either Medical Excess or AIG – our only connection with them is thru a retirement account administered by VALIC. Somehow VALIC shared data with AIG who shared data with Medical Excess – all without permission – so much for \”protecting\” data. It\’s amazing how easily and amorally businesses turn our personal, financial, medical lives into commodities to be bought, traded and stolen. Our rights as customers and citizens are trampled by those who believe themselves to be higher and mightier daily. They are thieves of the first order, without conscience or restraint. History will show that the Soviets were sneakier but probably less dangerous than unscrupulous \”business\”men. Be sure to check out the movie \”Fun With Dick And Jane\” for an Enronesque experience.
You have got to be kidding me…when are these idiots going to learn that they just cannot do this???????
Now everyone has to waste their time pulling credit reports, putting fraud alerts on their credit reports, and having to watch every little thing they get in the mail or what shows on their accounts. Sure, if you access accounts online like some people do they can check them every day…some people don\’t have that luxury.
If they got this information like this, how many other companies have our information and we don\’t even know it??? And why would anyone need to provide SSN numbers for this stuff when plan administrators use different ID numbers to verify who you are?????? This is utterly repulsive.
On top of that, if this server was supposedly in some secured room, either it was an inside job or someone in that stupid company gave away the codes to some crook outside of the company, so either way it was probably was an inside job…nice security measure there Medical Excess…what a joke…thanks for wasting everyones time and money AIG. AIG doesn\’t even know what information was even on that server since the letter said that \”your social security number and date of birth MAY have been on the database\”…those stupid idiots don\’t even know what was even on that thing, yet they claim they take security measures on it? They probably didn\’t even know what was on the damn thing…….on top of that, this happened back in MARCH?!?!?!?!?!?!!?!? Like they couldn\’t have sent a letter in March without leaking this to the public…who knows what could happen to your credit report in 3 months…..
So, thanks for nothing Medical Excess/AIG and all of the other idiot companies who pull this stuff and get away with it….shouldn\’t everyone had learned from the ChoicePoint debacle????????
You\’d think since they just compromised the personal information of almost a million people they\’d have some reference to the matter on their website.
AIG represents the worst of this industry, from top to bottom a rotten apple that attracts immoral business people and whose leadership expects their employees to push the ethical envelope every day, every minute. This is the heart of their competitive advantage. While this is not the only company devoid of a moral compass, it has repeatedly moved the ethical bar lower and lower under the guise of returning greater and greater to it\’s shareholders.
I\’m among the last to suggest that we need a legislative solution to this increasing problem of ID theft, but enough IS enough. There must be a grass roots effort somewhere in need of another 930,000 constituents?
Surely there is a lawyer hungry enough in a jurisdiction favorable to consumers who will take this on?
I live in Indianapolis and found the Indianapolis office number to call. The lady was very nice but not helpful. Apparently, she has been instructed to not talk about the issue other than to direct people to the 877 number on the back of the letter.
She also noted that they have not been told anything concerning the issue also.
This is an example of bad management. Management should be taking a leadership position in communicating their willingness to help and be responsive. Instead, we are lead to a phone number that is not answered.
This company sucks.
Anyone know if it is a public company? Anyone know the name of the CEO?
I called the 800 number I found on their website this morning. I asked to find out who gave them my information. The women I spoke to told me she did not have that information, but would pass the message along, and someone would call me back.
She tried to tell me that it was through a census broker or my employer, I do the insurance for the company I work for, and I did not give anyone permission to give it to this company. It was only after that that she said someone would call me back.
There\’s no reason to believe that the computers weren\’t password protected. Most OS\’s newer than Windows95 make it easy to do password protection (every computer I\’ve used at work since 1999 had password protection).
On the other hand password protection doesn\’t mean squat unless the data was encrypted (most of the time you just need to boot the computer from a floppy or CD).
I could be wrong, but there may not have been a HIPAA violation here.
Providers and insurance companies can hire third parties to do work (write and manage software, print bills, etc) as long as those third parties only get info that they need and obey HIPAA themselves.
Reason 1: the VA was incredibly negligent; AIG wasn\’t (as far as I can tell).
Reason 2: The VA needs to keep its customers happy, AIG doesn\’t.
Why do you blame AIG to the tune of a billion bucks?
Is it that they had your data? I personally blame my insurance company.
Is it that they were burglarized? Lots of companies are burglarized every day.
Is it that their security or procedures were bad? As far as I can tell, they were average for the industry. If you have any evidence, they were sub-par, I\’d love to hear it. The whole industry needs to get better, but we shouldn\’t single out AIG for that.
Of course, identity theft prevention is big business, why shouldn\’t AIG/MedicalExcess reap the benefits along with all the other companies that prey on the misfortune and paranoia of the multitutde of nameless, faceless everyday citizens (a.k.a. \”us\”). Occurrances like these are a boon to credit reporting agencies. For example, if just 5% of those affected by this one instance of mass ID theft subsequently subscribed to Experian\’s Credit Manager service to avail themselves of
\”• Unlimited credit reports and scores
• Daily credit monitoring with email alerts
• $10 off 3 Bureau Credit Report upgrades\”
then AIGs boo boo = half a million dollar bump in Experian\’s annual sales.
One person writes about the Bush Administration\’s insatiable appetite for information on us all, well hey, I\’d be all for it if the government could provide a useful service to us for our tax dollars, as Experian can, for a fee.
For example, if just .5% of those affected by this one instance of mass ID theft . . . if 5% signed up, it would be nearly a 6 million dollar bump in sales!
AIG describes itself as \”the leading international insurance organization with operations in more than 130 countries and
jurisdictions.\” An AIG member company announced earlier this year that it
now offers identity-theft insurance coverage.
So HOW BOUT IT AIG ?? you claim \”valuable\” $10K servers were stolen. a pittance. were they and the data adequately secured ? NO. gross negligence. so how bout free identity-theft insurance, all 970,000 of us, for life ? Your passing the responsibility for securing our identities and credit to US, the injured parties, after your unexcusable laxity, is SPECIOUS. Gonna bring Stockard Channing in to make excuses for you?
A truly disgusting lot of cheapskate cowards. may this take you DOWN. see ya in court
I have read on several different sites that AIG/Medical Excess is providing free credit services for a year for individuals who received the infamous letter.
I called AIG/Medical Excess and they stated that this is not true. Anyone know why this is being falsely reported?
I contacted AIG, and they said we are covered for one year in case if something happened to you(lost time, and court fee etc..), so I said if something happened to me i would be to late, I asked for minimum one year monitoring service, if they don\’t I\’m ready to start a class action suit.
I agree a class action is the way to go….if they covered us for a year for any fraudulent activity ….when does it start when the info was stolen or starting the three months when they actually informed us by letter…
MadAsHell said:
> I have read on several different sites
> that AIG/Medical Excess is providing
> free credit services for a year for
> individuals who received the infamous
> letter.
Which sites? Are any of them official, or is it just people repeating what they\’ve heard through the grape vine?
It just says AIG will tell people how to get protection. It says they didn\’t know whether they\’d PAY FOR it (and my guess it that that they\’ve decided not to).
Not just us as Victims, we\’ll let\’s see if member of al Qaeda got hold of that list, they can assume the identite of anybody, create an ID, then id they blew up anything, the FBI HSS will be looking for the person they assume his identity.
That what I sait to AIG when I called, so they created a case for me.
they were handling data that was not encrypted, so anyone could walk up to that PC/server and access the personal information of anyone in that particular PC. That, my friend, is negligence. Now, I have to keep up the goddamn fraud alert for the rest of my life because these douchebags refuse to pay for added security…and our HR uses our SS# on our medical cards and refuse to change it. My buddy Steve stole my eraser AND my identity! With friends like these….
Can\’t these bozos keep their stuff secure? I am rapidly losing faith in our systems to protect sensitive info. They say it\’s locked up. password protected: Bunk!!!
I got my notification in the mail today that my data was stolen from AIG. Lame letter. No appologies. No attempt at atonement. Just a matter of fact letter that essentially says \”you are screwed\”.
I\’m annoyed that I didn\’t even do business with this bunch of clowns but they had my data anyway.
Ed.
Why was my info shared with these incompetent idiots anyway? I never signed anything authorizing such indiscretion on the part of my insurance provider…I blame THEM as much as Medical Excess. My state Atty. General will hear about both providers. I agree that a class action lawsuit should be in order. I have been very ill and stressed as a result, and now I have this nightmare to contend with!
All – I work for A**** & have coverage under aetna. Same, see. About this time in March we were told of a computer theft w/ PHI (protected health info) & since then the entire computer system has been \’encrypted\’ across all offices. What medical/dental/401 K policies do you all have??
I am afraid to divulge anymore info…who knows what else might happen??? I will say this, Ann, my insurance provider differs from the one you have. Sorry, but I am a little paranoid at this point!
I work with computers everyday. Unless the computer this information was stored on is designed to self destruct the files (say after 5 attempts at a password entry) this information will sit on the laptop just waiting for an unemployed, unbathed, hacker (who still lives with his mother) to come along. If this information was stored on a laptop one wonders why it could not have been kept on a hard drive (in a VERY secure room), and LOCKED UP (in a VAULT) when not in use. We have never sued anyone before, but now?…. Can you say \”class action lawsuit?\”
Really, I understand the level of anxiety, as you can clearly see mine by not spelling out where i work, as I am in a higher level position! Where this theft took place! Where employees/covered individuals were not notified until today!
I am going to visit our interal website to see if this has been posted – I am not quite sure what role AIG plays in our company, but I believe it is medical. And brokers are the monitarily motivated lot that push coverage on plan sponsors – employers. I just want to know EXACTLY what these folks potenitally have. My medical, dental or 401 K history. I did notify Equifax & will consult an attorney, despite the \’no arbitration\’ agreement we signed when hired!
Sorry, thought I was responding to Ann. Guess I was really responding to Irate.
I too have been informed today about this theft….in a letter that looked like junk mail but I opened it on a whim. What kind of notification is THAT? Not to mention, I can\’t figure out if this was through my employment or my husband\’s…I don\’t know where to start. I have written my Congressman, checked my Credit Report, notified my credit cards, banks, etc. Now what??? Sit and wait? I am feeling pretty vulnerable right now. I first have to find out which insurance…I am thinking it is through my own employer, since hubby didn\’t get a notification. Or maybe he just didn\’t get one YET…
I cannot believe it, How can this happen? I also got this letter after 3 months. I am very concerned….
My husband\’s company is self-insured, and it seems that they change plan administrators once or twice a year. I have been routed to Moline, Peoria and now Minnesota when I have questions about a bill. In addition, every time his employer changes TPA\’s, we have to divulge details of accidents, etc., all over again.
So not only is the confidentiality of our information compromised by the structure of these TPA\’s and companies like Medical Excess, but that information keeps getting shifted around from company to company. It makes me wonder whether our information will not only be used for identity theft, but also somehow sold for commercial purposes — or, just to stretch it a bit further, it wouldn\’t surprise me one bit if Medical Excess might be a bit player in government efforts to grab every bit of data about everyone from anyplace. Read Jonathan Turley\’s column in Saturday\’s L.A. Times – here\’s the link:
http://www.latimes.com/news/printedition/opinion/la-oe-turley24jun24,1,3332362.story
Who knows where our info is going to end up?
Regardless, this whole episode just shows how poorly Medical Excess treats its clients – where\’s the accountability?
OK – what was at risk is in \’a few cases\’ medical info & SS #s. Brokers used our SS #s in place of another # that typically does not identify the person – IE insurance card may have a BBH334KL as an ID to prevent theft. So the brokers were seeking quotes from AIG, & one of AIG\’s employee benefit products is this thing called \’Medical Excess,\’ which is listed at the top of my letter. Essentially, medical excess is \’coverage for employees who need insurance beyond the limits allowed by most plans.\’ In my case, I have 2 dental plans & have had many dental issues. This is considered the \’catastrophic medical risk management business.\’ So perhaps some of us are using the medical benefits we PAY FOR.
both my employer and my husband\’s are self-funded & his also changed administrators in the last year….now both employers use the same administrator. Here\’s another interesting article I found regarding what identity thieves do with health records: http://www.informationweek.com/news/showArticle.jhtml?articleID=189500020
AARGH…just spoke with a co-worker & she also got the letter…think it\’s my employer then. So…what can be done? Anything?
Irate,
The insurance I carry through my employer was dental as well. However, now that I think about it, I may have maxed out our family benefit for the 2005 year, but I found it not to be a bargain so I dropped it at the end of 2005. I don\’t have any other insurance through my own employer (on husband\’s plan), so I find the whole thing to be kind of bizarre. Unless I\’m still in somebody\’s database when I shouldn\’t be. I suppose if a group is shopping around, they will use information from a prior year. I\’m still really ticked about this!
OK, so I just got the infamous letter. I won\’t waste time with my feelings about this experience (they\’re undoubtably the same as yours.) The question is, what can we– all 930.000 of us– do to organize and gain some kind of voice in all this, rather than simply being the victims? I have to admit being skeptical of class-actions (for a variety of reasons)… but I do want to see some accountability from those responsible (AIG, not just anonymous thieves), a restoration of my sense of privacy and security, and hopefully protection for other consumer\’s rights so they don\’t also have to go through this. Are there any organizations that can assist us? What can WE do?
The more I read about this the more miffed i get that some broker has my ID, my medical/dental history, & considers my past treatments as \’high risk,\’ meaning, \’I might cost the company a ton of money.\’ Claim & cost reduction \’to help maximize medical $$$ spent & at the same time preserve or enhance clinical outcomes.\’ Oddly, they list things like renal disease, organ transplant, hemophillia, multiple medical conditions as the high costs they are trying to contain! I have a dental implant & root canals & freq cleanings. Guess i am just too expensive!
the thing is, our confidentiality, our privacy, has been violated by brokers trying to save money. Our HIPPA rights are violated. I may check out a HIPPA website. SS # should NEVER EVER be used & other \’dummy\’ numbers are what we in insurance companies use. So the brokers, thier employers, those who are not named in the articiles, they are accountable. If they are in the business of buying/selling cheap medical coverage for high utilizers, then they should use protected ID\’s. I will read thru some of my HIPPA materials but this medical data they collect is PROTECT HEALTH INFORMATION – PHI. Our true identities should not be resting on a laptop.
Can\’t begin to tell you how much we are lectured to and tested over our knowledge of HIPAA in my workplace. Employees at the healthcare institution in which I am employed are fired in a heartbeat for violating anything regarding HIPAA! Individuals are hired to simply track on-line activity of employees to make sure they aren\’t looking at any patient information unrelated to their need to do their jobs. I am going to contact the HIPAA compliance officer at our institution regarding this gross violation of my medical records, not to mention the theft of valuable personal information!
I agree with Kay. The envelope in which the rather important letter was sent just appears to be another piece of junk mail. I opened it just to make sure it didn\’t contain something I might need to shred (to protect my identity)…so much for that precaution! I retrieved the envelope from my trash can just in case it might be useful in a court case someday!
If the area was password-protected, then whoever took the server knew a lot about what they were doing. Checking the contents of the server would be child\’s play for them.
I too am angered that I did not do business with AIG directly, nor was I given any information to the effect that AIG would have access to my records. Clearly the people at my agency gave AIG the data without first validating AIG\’s security. I intend to find out which of my insurance companies brokered my information and find out why they did such an irresponsible thing.
Yeah. We also have nothing more than this company\’s word that the fileserver was password protected.
How do we know that this is true? Do you think this company would come out and say that it wasn\’t protected?
I have minimal trust in the information that this company provided.
Anyone know if the State Attny General can do anything about this kind of stuff? Anyone know if there is class-action stuff happening yet?
Ed.
CONGRESS, it is time to make companies liable for these types of crimes. If you (AIG) want to store my personal information, you should take full responsibility to protect it. It is a minimal investment to encrypt sensitive information that is being stored in a company’s database system. When a company becomes liable for personal information, they will then take the necessary actions to secure it. Make them held accountable for storage of our personal information via laws, it is only then will they take this seriously.
I am appalled by Medical Excess LLC and by AIG and their lack of leadership and I am in contact with my congressman. I suggest we all do the same. This will continue to occur until companies are held accountable for their decisions and actions with storing our sensitive information. Shame on your companies CTO, the person should be fired for lack of direction and leadership.
I am in contact with my congressman to make him aware of this company’s lack of responsibility.
We just received the same letter today from Medical Excess.
Three months? Why did it take nearly 3 months to notify us about a theft that occurred March 31st? Today is June 26th.
Was the original plan by Medical Excess (perhaps they should rename themselves Medical Carelessness) to bury this crime until someone reported an identity theft?
Do we have any recourse?
Perhaps people need to contact the Attorney General, and their state and federal representatives. Perhaps someone should file a class-action lawsuit – if it\’s viable. I\’m uncomfortable with the amount of private medical information these corporations have on us. They\’re very intrusive whenever you have the misfortune to file a claim, yet protecting all this sensitive medical information and social security numbers seems unimportant to them.
I am appalled at how little regard they have shown for our privacy and to protect our information.
Plus, we were advised to be on the lookout for suspicious activity on our credit cards for the next two years – yet Medical Excess is only offering to make amends if we experience identity theft in the next 12 months – no word on what happens beyond that.
These irresponsible corporations need to be held liable – but the do-nothing Congress will live up to their reputation because the insurance industry\’s campaign cash is too hard to resist.
I called them several times and got a lady that told me that our insurance company gave these idiots our information….i contacted my insurance company and they told me that they don\’t deal with these morons….then i called the idiots back and they said that my employer contacted them when we got a new contract, they were supposedly shopping around for different prices…
what are you guys doing in terms of protection?
Has anyone talked with an attorney about this? I am not sure that class action is going to benefit any of us. Seems like most class action suits I hear about end up with the lawyers getting a bunch of money. So I have mixed feelings about that. Plus, the impact to insurance premiums is that we all just pay more for health care. It\’s a wicked cycle. I\’d rather end up with guarantees that Medical Excess will resolve and compensate for any violations that occur as a result of their security failures.
Is there any redress under HIPAA?
Perfect.
Can you get me his phone number?
I think it is true that it is rare class action suits do much for the individual. However, I take pleasure in knowing that the company will be punished for their actions; regardless of how much I would get personally.
What would have to happen is that the financial burden of the punishment would be so severe that the company closes. Otherwise, you are right, they will just raise their rates and make the money back in higher premiums.
Ed.
I think we should involve Bill O …What say you……
I received this letter yesterday. EVERYONE who received this letter needs to take action immediately. The exposure of personal and confidential information is a serious issue! The mode of communication received was entirely insensitive and evasive……what regional office, where is the case registered….needless to say we were notified 3 months late. The fraud alert may help but it will definitely delay further credit especially if a large amount like a mortgage is needed…not to mention an illegal may get ahold of your identity and you spend the remainder of your life trying to straighten this mess out…isn\’t there some lawyer out there that has received this letter like us and can give some insight into recourse action. HELP
The vets got $1,000 each for their data theft in the recent VA case, plus $10,000 to $20,000 if they suffer identity theft as a result. Sounds good to me, why is AIG not mailing us our checks yet? Their stupid letter is NOT compensation. They say \”go to FTC website\” and read up on data theft. HUH? And \”go to anuualcreditreport.com\” and get a free credit report, which anybody can get. HUH? That\’s it??????? BULL!
Ironically, our family data was compromised and we are not even health care customers of either Medical Excess or AIG – our only connection with them is thru a retirement account administered by VALIC. Somehow VALIC shared data with AIG who shared data with Medical Excess – all without permission – so much for \”protecting\” data. It\’s amazing how easily and amorally businesses turn our personal, financial, medical lives into commodities to be bought, traded and stolen. Our rights as customers and citizens are trampled by those who believe themselves to be higher and mightier daily. They are thieves of the first order, without conscience or restraint. History will show that the Soviets were sneakier but probably less dangerous than unscrupulous \”business\”men. Be sure to check out the movie \”Fun With Dick And Jane\” for an Enronesque experience.
You have got to be kidding me…when are these idiots going to learn that they just cannot do this???????
Now everyone has to waste their time pulling credit reports, putting fraud alerts on their credit reports, and having to watch every little thing they get in the mail or what shows on their accounts. Sure, if you access accounts online like some people do they can check them every day…some people don\’t have that luxury.
If they got this information like this, how many other companies have our information and we don\’t even know it??? And why would anyone need to provide SSN numbers for this stuff when plan administrators use different ID numbers to verify who you are?????? This is utterly repulsive.
On top of that, if this server was supposedly in some secured room, either it was an inside job or someone in that stupid company gave away the codes to some crook outside of the company, so either way it was probably was an inside job…nice security measure there Medical Excess…what a joke…thanks for wasting everyones time and money AIG. AIG doesn\’t even know what information was even on that server since the letter said that \”your social security number and date of birth MAY have been on the database\”…those stupid idiots don\’t even know what was even on that thing, yet they claim they take security measures on it? They probably didn\’t even know what was on the damn thing…….on top of that, this happened back in MARCH?!?!?!?!?!?!!?!? Like they couldn\’t have sent a letter in March without leaking this to the public…who knows what could happen to your credit report in 3 months…..
So, thanks for nothing Medical Excess/AIG and all of the other idiot companies who pull this stuff and get away with it….shouldn\’t everyone had learned from the ChoicePoint debacle????????
You\’d think since they just compromised the personal information of almost a million people they\’d have some reference to the matter on their website.
Not these people.
AIG represents the worst of this industry, from top to bottom a rotten apple that attracts immoral business people and whose leadership expects their employees to push the ethical envelope every day, every minute. This is the heart of their competitive advantage. While this is not the only company devoid of a moral compass, it has repeatedly moved the ethical bar lower and lower under the guise of returning greater and greater to it\’s shareholders.
I\’m among the last to suggest that we need a legislative solution to this increasing problem of ID theft, but enough IS enough. There must be a grass roots effort somewhere in need of another 930,000 constituents?
Surely there is a lawyer hungry enough in a jurisdiction favorable to consumers who will take this on?
I live in Indianapolis and found the Indianapolis office number to call. The lady was very nice but not helpful. Apparently, she has been instructed to not talk about the issue other than to direct people to the 877 number on the back of the letter.
She also noted that they have not been told anything concerning the issue also.
This is an example of bad management. Management should be taking a leadership position in communicating their willingness to help and be responsive. Instead, we are lead to a phone number that is not answered.
This company sucks.
Anyone know if it is a public company? Anyone know the name of the CEO?
I called the 800 number I found on their website this morning. I asked to find out who gave them my information. The women I spoke to told me she did not have that information, but would pass the message along, and someone would call me back.
She tried to tell me that it was through a census broker or my employer, I do the insurance for the company I work for, and I did not give anyone permission to give it to this company. It was only after that that she said someone would call me back.
Yes, they are a public company, trading under AIG on the NYSE.
Martin J. Sullivan
President and Chief Executive Officer
American International Group, Inc.
There\’s no reason to believe that the computers weren\’t password protected. Most OS\’s newer than Windows95 make it easy to do password protection (every computer I\’ve used at work since 1999 had password protection).
On the other hand password protection doesn\’t mean squat unless the data was encrypted (most of the time you just need to boot the computer from a floppy or CD).
I could be wrong, but there may not have been a HIPAA violation here.
Providers and insurance companies can hire third parties to do work (write and manage software, print bills, etc) as long as those third parties only get info that they need and obey HIPAA themselves.
If anyone needs a laugh (unfortunately at our expense) check out this link.
http://www.aigidtheft.com/
Reason 1: the VA was incredibly negligent; AIG wasn\’t (as far as I can tell).
Reason 2: The VA needs to keep its customers happy, AIG doesn\’t.
Why do you blame AIG to the tune of a billion bucks?
Is it that they had your data? I personally blame my insurance company.
Is it that they were burglarized? Lots of companies are burglarized every day.
Is it that their security or procedures were bad? As far as I can tell, they were average for the industry. If you have any evidence, they were sub-par, I\’d love to hear it. The whole industry needs to get better, but we shouldn\’t single out AIG for that.
Of course, identity theft prevention is big business, why shouldn\’t AIG/MedicalExcess reap the benefits along with all the other companies that prey on the misfortune and paranoia of the multitutde of nameless, faceless everyday citizens (a.k.a. \”us\”). Occurrances like these are a boon to credit reporting agencies. For example, if just 5% of those affected by this one instance of mass ID theft subsequently subscribed to Experian\’s Credit Manager service to avail themselves of
\”• Unlimited credit reports and scores
• Daily credit monitoring with email alerts
• $10 off 3 Bureau Credit Report upgrades\”
then AIGs boo boo = half a million dollar bump in Experian\’s annual sales.
One person writes about the Bush Administration\’s insatiable appetite for information on us all, well hey, I\’d be all for it if the government could provide a useful service to us for our tax dollars, as Experian can, for a fee.
make that,
For example, if just .5% of those affected by this one instance of mass ID theft . . . if 5% signed up, it would be nearly a 6 million dollar bump in sales!
AIG describes itself as \”the leading international insurance organization with operations in more than 130 countries and
jurisdictions.\” An AIG member company announced earlier this year that it
now offers identity-theft insurance coverage.
So HOW BOUT IT AIG ?? you claim \”valuable\” $10K servers were stolen. a pittance. were they and the data adequately secured ? NO. gross negligence. so how bout free identity-theft insurance, all 970,000 of us, for life ? Your passing the responsibility for securing our identities and credit to US, the injured parties, after your unexcusable laxity, is SPECIOUS. Gonna bring Stockard Channing in to make excuses for you?
A truly disgusting lot of cheapskate cowards. may this take you DOWN. see ya in court
I have read on several different sites that AIG/Medical Excess is providing free credit services for a year for individuals who received the infamous letter.
I called AIG/Medical Excess and they stated that this is not true. Anyone know why this is being falsely reported?
I contacted AIG, and they said we are covered for one year in case if something happened to you(lost time, and court fee etc..), so I said if something happened to me i would be to late, I asked for minimum one year monitoring service, if they don\’t I\’m ready to start a class action suit.
I agree a class action is the way to go….if they covered us for a year for any fraudulent activity ….when does it start when the info was stolen or starting the three months when they actually informed us by letter…
MadAsHell said:
> I have read on several different sites
> that AIG/Medical Excess is providing
> free credit services for a year for
> individuals who received the infamous
> letter.
Which sites? Are any of them official, or is it just people repeating what they\’ve heard through the grape vine?
This is the closest thing I\’ve found:
http://news.morningstar.com/news/DJ/M06/D15/200606151620DOWJONESDJONLINE000940.html
It just says AIG will tell people how to get protection. It says they didn\’t know whether they\’d PAY FOR it (and my guess it that that they\’ve decided not to).
Not just us as Victims, we\’ll let\’s see if member of al Qaeda got hold of that list, they can assume the identite of anybody, create an ID, then id they blew up anything, the FBI HSS will be looking for the person they assume his identity.
That what I sait to AIG when I called, so they created a case for me.
I think the letter says that if your identify is compromised, THEN you get the service for a year.
they were handling data that was not encrypted, so anyone could walk up to that PC/server and access the personal information of anyone in that particular PC. That, my friend, is negligence. Now, I have to keep up the goddamn fraud alert for the rest of my life because these douchebags refuse to pay for added security…and our HR uses our SS# on our medical cards and refuse to change it. My buddy Steve stole my eraser AND my identity! With friends like these….