Insurance claims and policy information in the dumpster
Technorati Tag: Security Breach
Date Reported:
6/13/08
Organization:
Texas Insurance Claims Services
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
"hundreds of files"
Types of Data:
Insurance claims and policy paperwork including "names, social security numbers and policy numbers"
Breach Description:
Files containing sensitive confidential information were discovered in a dumpster in Richardson, Texas. The files are believed to have been thrown out by the owner of a company called Texas Insurance Claims Services.
Reference URL:
WFAA Channel 8 News
Report Credit:
Rebecca Lopez, WFAA-TV
Response:
From the online source cited above:
on Friday, hundreds of files with people's names, social security numbers and policy numbers were found in a Richardson dumpster
The files contain a lot of private information.
The people who filled out the forms probably never expected them to end up where anyone could simply walk away with them.
[Evan] There we go with expectations again. See my comments in the "Tucson area Domino's Pizza customer information exposed" breach.
You expect when you give your private information to an insurance company, it will stay that way.
Mike McCarty was driving by a dumpster near his work in Richardson. He saw a man taking pictures of trash inside, so he stopped.
[Evan] Taking pictures?
"[The man] said he was looking for empty boxes because he was going to move but he found a bunch of these files."
[Evan] But why was the man taking pictures? The story isn't clear on this point, so I wonder.
There were files with people's names, addresses, social security numbers and even pictures of their homes and cars.
The files were dumped here by a company called Texas Insurance Claims Services which processes people's claims.
We asked the owner why he threw them away. He wouldn't go on camera but said he was only required to keep the files five years and could then toss them.
[Evan] Oh, well then. Sounds like a good enough explanation to me... NOT! Where is the corporate and social responsibility?
The company says it sometimes uses commercial shredding services but decided not to do so this time.
[Evan] Let me see if I understand this correctly. The company obviously knows the importance of shredding confidential papers in general, otherwise they wouldn't "sometimes use commercial shredding services". What the @#$^ explains why the company chose not to use the shredding services in this instance?
Authorities say it's not unusual for criminals to dumpster dive to look for ways to get personnel information that they can use to illegally run up huge bills.
[Evan] This is very true. There are even people who organize and belong to dumpster diving clubs, not to imply that THESE people are "criminals", but only to point out that people DO dumpster dive.
The dumpster was full of files. Most of them were taken away by garbage collectors. We are shredding the few we took for our story.
[Evan] The files were taken away by garbage collectors? I wonder how much confidential information a person could find at the dump (landfill)?
Commentary:
It may just be the context of the owner's remarks, or it may just be me, but the owner seems to be oblivious to the risk of throwing confidential customer information out with the garbage.
Past Breaches:
Unknown
Date Reported:6/13/08
Organization:
Texas Insurance Claims Services
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
"hundreds of files"
Types of Data:
Insurance claims and policy paperwork including "names, social security numbers and policy numbers"
Breach Description:
Files containing sensitive confidential information were discovered in a dumpster in Richardson, Texas. The files are believed to have been thrown out by the owner of a company called Texas Insurance Claims Services.
Reference URL:
WFAA Channel 8 News
Report Credit:
Rebecca Lopez, WFAA-TV
Response:
From the online source cited above:
on Friday, hundreds of files with people's names, social security numbers and policy numbers were found in a Richardson dumpster
The files contain a lot of private information.
The people who filled out the forms probably never expected them to end up where anyone could simply walk away with them.
[Evan] There we go with expectations again. See my comments in the "Tucson area Domino's Pizza customer information exposed" breach.
You expect when you give your private information to an insurance company, it will stay that way.
Mike McCarty was driving by a dumpster near his work in Richardson. He saw a man taking pictures of trash inside, so he stopped.
[Evan] Taking pictures?
"[The man] said he was looking for empty boxes because he was going to move but he found a bunch of these files."
[Evan] But why was the man taking pictures? The story isn't clear on this point, so I wonder.
There were files with people's names, addresses, social security numbers and even pictures of their homes and cars.
The files were dumped here by a company called Texas Insurance Claims Services which processes people's claims.
We asked the owner why he threw them away. He wouldn't go on camera but said he was only required to keep the files five years and could then toss them.
[Evan] Oh, well then. Sounds like a good enough explanation to me... NOT! Where is the corporate and social responsibility?
The company says it sometimes uses commercial shredding services but decided not to do so this time.
[Evan] Let me see if I understand this correctly. The company obviously knows the importance of shredding confidential papers in general, otherwise they wouldn't "sometimes use commercial shredding services". What the @#$^ explains why the company chose not to use the shredding services in this instance?
Authorities say it's not unusual for criminals to dumpster dive to look for ways to get personnel information that they can use to illegally run up huge bills.
[Evan] This is very true. There are even people who organize and belong to dumpster diving clubs, not to imply that THESE people are "criminals", but only to point out that people DO dumpster dive.
The dumpster was full of files. Most of them were taken away by garbage collectors. We are shredding the few we took for our story.
[Evan] The files were taken away by garbage collectors? I wonder how much confidential information a person could find at the dump (landfill)?
Commentary:
It may just be the context of the owner's remarks, or it may just be me, but the owner seems to be oblivious to the risk of throwing confidential customer information out with the garbage.
Past Breaches:
Unknown
Posted by Evan Francen at 6/18/2008 12:34 PM 
Categories: Insecure Discard, Texas Insurance Claims Svcs
Categories: Insecure Discard, Texas Insurance Claims Svcs
Posts Atom 1.0
Comments