Marsh U.S. Consumer, a Seabury & Smith service, recently reported a security breach to the New Hampshire Attorney General’s Office.
The benefits plan provider reported that due to a programming error and transmission of incorrect URLs, a dedicated server for its client, ITT Corporation, was exposing some ITT employees’ benefits plan personal information to other employees who accessed the server. The unencrypted exposed information included Social Security Numbers – and for individuals enrolled in life insurance benefits programs, medical history information. Personal information of spouses and dependents may also have been accessed.
The problem occurred during the period of November 1 – November 8, and was detected by an employee of ITT. There was no indication that the data were exposed to anyone outside of the ITT network.
This was the second Seabury & Smith incident reported to the New Hampshire Attorney General’s Office in 2010. The first involved a lost back-up tape reported by Marsh and Mercer.