The Institute of Electrical and Electronics Engineers (IEEE) describes itself as the world’s largest technical professional organization with over 365,000 members worldwide, but some of its members may be feeling a bit beleaguered after receiving what may be their second breach notice in as many months.
In February, the association notified 828 members that an intruder may have accessed or acquired their names and credit card numbers, complete with expiration dates and security codes.
Now, an unspecified number of members who signed up for Term Life insurance underwritten by New York Life Insurance are being notified that due to a mailing error, offers they received to upgrade their insurance plan were sent to the correct addresses but exposed other members’ names and member numbers.
A recipient of an erroneous offer and breach notification sent the documents to DataBreaches.net. I’ve uploaded them here, complete with the recipient’s notations that indicate that not only was the name and member number not his, but the coverage amount was not his and probably belonged to the individual whose name appeared on his letter.
The breach is somewhat similar in description to a breach affecting AARP members that was reported in November 2010. Their insurance was also underwritten by New York Life Insurance, but in that incident, more personal information was exposed, such as dates of birth. It was not reported in the media who was responsible for that mailing error – AARP or some other entity.
In this case, New York Life Insurance says that it had no role in the privacy breach. According to a spokesperson for the insurance company, “The mailing address information did not go from New York Life to Marsh… Marsh is handling this incident.” It is not known how many IEEE members have received notifications.
Marsh U.S. Consumer, who sent the breach notification letters to IEEE members, is a service of Seabury & Smith. This appears to be at least their second breach in recent months. Other Seabury & Smith services have also reported breaches within the past year, including a lost backup tape and improperly exposing a Sperian folder containing encrypted employee information to the company’s medical insurance carrier.
This was a vendor mailing system error and IEEE data security has not been breached.