DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Crawford & Company employee pleads guilty to stealing claimants’ personal information

Posted on June 8, 2009 by Dissent

Last week, I posted a copy of a press release from the US Attorney’s Office in Maryland stating that Shanell Angelia Bowser had pleaded guilty to stealing personally identifying information of insurance claimants submitted to her employer, described as an unnamed medical insurance adjuster. The release also mentioned that Bowser and/or her co-schemers had also stolen patient information from an unnamed local health care facility. In total, the information of at least 207 individuals was used in at least 373 applications for credit accounts from financial institutions. Of those applications, at least 125 fraudulent accounts were opened and used to make purchases in the names of 89 individual victims.

DataBreaches.net can now report that the health care facility was Johns Hopkins, and that this was not a breach that has been previously reported in the media. According to hospital spokesperson Gary Stephenson, in late 2005, the hospital terminated an employee after learning of the theft. They notified 111 known or potentially affected patients or family members, suggesting that the remaining victims were individuals whose data were stolen from the insurance adjuster’s firm. The U.S. Attorney’s Office tells DataBreaches.net that the hospital employee was Michelle Courtney Johnson. Johnson was indicted at the same time as Bowser. Her case is awaiting trial.

Johnson’s co-schemer, Bowser, was employed by Crawford & Company. Crawford & Company’s web site describes them as the world’s largest independent provider of claims management and related solutions to the risk management and insurance industry as well as self-insured entities. It has a global network of more than 700 locations in 63 countries.

According to her guilty plea, Bowser was stealing claimant data from August 2005 to November 2008. The Maryland Attorney General’s Office informs DataBreaches.net that the firm did not submit any breach notification. Calls to the company requesting clarification and a response to the guilty plea were not returned by the time of publication.

Category: Breach IncidentsBusiness SectorHealth DataID TheftInsiderU.S.

Post navigation

← Pointer: Commentaries on Merrick Bank v. Savvis
Bits ‘n Pieces →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Resource: State Data Breach Notification Laws – June 2025
  • WestJet investigates cyberattack disrupting internal systems
  • Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
  • India: Servers of two city hospitals hacked; police register FIR
  • Ph: Coop Hospital confirms probe into reported cyberattack
  • Slapped wrists for Financial Conduct Authority staff who emailed work data home
  • School Districts Unaware BoardDocs Software Published Their Private Files
  • A guilty plea in the PowerSchool case still leaves unanswered questions
  • Brussels Parliament hit by cyber-attack
  • Sweden under cyberattack: Prime minister sounds the alarm

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Data Categories and Surveillance Pricing: Ferguson’s Nuanced Approach to Privacy Innovation
  • Anne Wojcicki Wins Bidding for 23andMe
  • Would you — or wouldn’t you?
  • New York passes a bill to prevent AI-fueled disasters
  • Synthetic Data and the Illusion of Privacy: Legal Risks of Using De-Identified AI Training Sets
  • States sue to block the sale of genetic data collected by DNA testing company 23andMe
  • AI tools collect and store data about you from all your devices – here’s how to be aware of what you’re revealing

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report