Blumenthal Investigating Wellpoint Security Breach Of 500,000 Customers

July 2, 2010
Connecticut Attorney General Richard Blumenthal is investigating a massive security breach that allegedly compromised private financial and health information on nearly a half million WellPoint consumers, including thousands in Connecticut.

In a letter to WellPoint Inc., Blumenthal has requested detailed information about how the breach occurred, what steps have been taken to protect the affected individuals, and what new procedures have been adopted to prevent future breaches.

Blumenthal is also calling on WellPoint to provide the same protection that other companies have provided after similar breaches — at least two years of credit monitoring, at least $25,000 of identity theft insurance and expenses covered to impose and later lift any security freeze on consumers’ credit reports.

“The fact that private personal and financial information — such as names, addresses, Social Security numbers and credit card information — as well as personal protected health information was made available to the public is particularly alarming,” Blumenthal said. “Fraud, identity theft, or misuse of personal health information may arise as a result of the release of this information unless strong credit and identity protections are immediately provided to affected individuals.

“This information breach is only the latest in a disturbing series of cases where nonpublic personal information has been subjected to unauthorized access. In this era of increasing reliance on technology, it is vitally important that companies entrusted with nonpublic personal information employ the highest levels of security. Such breaches put innocent consumers at significant risk, and those affected deserve adequate protection.

“I am concerned that WellPoint has failed to provide sufficient levels of credit and identity theft protection. At the very least, WellPoint should provide all affected individuals with two years of credit monitoring services and at least $25,000 of identity theft insurance. In addition, affected consumers must be allowed to place a “security freeze” on their credit reports, and to thaw the freeze, at WellPoint’s expense. Companies involved in recent similar breaches have offered these protections, and WellPoint should do no less.”

Blumenthal is seeking a response by July 9. The information he is seeking includes:

• the name and address of the computer company that updated the online application process in October 2009;

• what security protections, hardware or software, were present or used on the online application system prior to the upgrade;

• the categories of information contained on the online system and compromised by this breach;

• the process by which someone would be able to “manipulated the URL address” in order to view other individuals’ information;

• prior measures to safeguard sensitive information;

• how and when WellPoint first learned about the breach;

• the circumstances under which the information was accessed or viewed by anyone without authorization;

• what, if any, security protocols or procedures were in effect to prevent the exposure of private information to users or applicants using the online system;

• the number of individuals affected by this incident and their state of residence;

• all steps taken to determine what caused the flaw in the online application system and the time period in which private information was publicly available;

• how WellPoint determined that the information was accessed by fewer than 10 unidentified computers — someone other than the health insurer’s employees and affiliates;

• copies of all investigative reports or audits relative to this incident;

• all steps taken or that will be taken to warn all affected persons that their private information may have been compromised, and copies of any notification letters already sent;

• an outline of any plan to prevent a future breach and a timeline for implementing that plan; and

• corporate policies regarding securing servers, databases, or other systems containing private information.

2 Responses to Blumenthal Investigating Wellpoint Security Breach Of 500,000 Customers

  1. [...] This post was mentioned on Twitter by JWBC. JWBC said: Blumenthal Investigating Wellpoint Security Breach Of 500,000 Customers. http://bit.ly/ceGgZs [...]

  2. EDWARD JACHIMOWSKI on July 5, 2010 at 4:31 pm

    The question need be asked, “if the security breach when the 3 lap top computers were MIS-SPOKEN, OH I’M SORRY, MIS-STATED, DARN, I’M NOT WITH IT TODAY, MIS-PLACED I BELIEVE, SORRY, I BELIEVE I MIS SPOKE THERE. Well, the lap-tops of the state were financial. Did they ever get returned????? Sorry to have taken up the LAST 20 YEARS OF MIS-SPOKEN, TOKEN, DEFERMENT YEARS. remember me in the voting booth. mr. mispoken let me straighten that ribbon on this metal. did i mis-speak how i achieved this purple one?????
