Tom Murphy of Associated Press reports that Aetna, Inc. learned that a web site maintained by a vendor had been compromised earlier this month. Files on the web site included about 450,000 email addresses for job applicants, but even more ominously, names, addresses, employment histories, and Social Security numbers of about 65,000 current and former employees.
Aetna notified the 65,000 individuals last week. Some of those whose email addresses were copied from the site received phishing attempts earlier this month, which was what alerted Aetna to the problem. A forensic examination has not yet revealed how the site was compromised and the company is not even sure how much personal information was accessed or acquired.