[BreachExchange] Aetna 'privacy incident' affects 3,000 Texans
Audrey McNeil
audrey at riskbasedsecurity.com
Wed Nov 23 18:05:16 EST 2016
http://www.chron.com/business/bizfeed/article/Aetna-data-
incident-affects-3-000-Texans-10633073.php
Aetna is notifying about 3,000 Texas policyholders affected by a "privacy
incident" after a CD containing personal information never arrived at its
intended destination.
Though the health coverage provider believes the lost CD has been
discarded, the company is sending letters to everyone affected with
information about free credit monitoring, fraud alerts and ways to prevent
identity fraud and theft, according to a company statement.
The incident occurred after an employee of Aetna Signature Administrators,
a division of Aetna, mailed a CD on Sept. 6 to another employee for
archiving purposes. When the envelope arrived, the CD was missing. On Sept.
9, the U.S. Postal Service was notified but was unable to locate the
missing item.
A "thorough investigation" revealed names, birth dates, phone numbers and
some Social Security numbers were on the lost CD. The company believes the
Postal Service likely threw away and destroyed the CD. "Although the CD has
not been recovered to date, Aetna has no reason to believe that the
information was, or will be, misused or accessed by any unauthorized
individual," a company statement reads.
"We take privacy seriously and sincerely apologize for this incident,"
Aetna's privacy office Executive Director Diane McCammon said in a
statement. "We have taken essential steps to make sure this never happens
again, and we encourage anyone affected to take advantage of the credit
monitoring we're offering to safeguard the information that was lost."
The company has asked third-party administrators to stop sharing Social
Security numbers and has retrained employees on data protection procedures.
Connecticut-based Aetna provides health care benefits to about 47 million
people.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161123/814d2309/attachment.html>
More information about the BreachExchange
mailing list