A data breach at the Texas Department of Insurance (TDI) exposed confidential information of 1.8 million Texans for nearly three years, according to a brief from the Texas State Auditor’s Office (SAO).
The audit report said confidential information related to workers’ compensation claims may have been accessible to individuals outside the TDI between March 2019 and January 2022. The information at risk included claimants’ names, addresses, dates of birth, and phone numbers; part or all of their Social Security numbers; and information about injuries and workers’ compensation claims.
On Jan. 4 2022, TDI became aware of a security issue with web service application that manages workers’ compensation information. The Department said it immediately took the application offline and fixed the issue.
TDI said the data breach was caused by programming code that allowed internet access to a protected area of the application. After correcting the programming code, TDI placed the web application back online.
TDI said a forensic investigation could not conclusively rule out that certain information on the web application was accessed outside of TDI, adding that this does not mean all the information was viewed by people outside TDI.
According to TDI, the SAO was working on their audit during the time TDI was investigating the event and was in the process of preparing notices.
TDI announced in March it would send out letters to people who may have been affected by the data breach. The letters included instructions for enrolling in 12 months of credit monitoring services and identity protection services at no cost to those who may have been affected by the issue.
Was this article valuable?
Here are more articles you may enjoy.