This doesn’t sound good in terms of having adequate security. Associated Press reports:
Hartford police met with an Access Health CT official to investigate reports that an employee stole customer’s personal information, police said.
The investigation came about after Connecticut’s health insurance exchange learned that someone found a backpack containing personal information of possible Access Health CT clients was discovered on a Hartford street. Access Health CT is also investigating the incident.
Kevin Counihan, the CEO of the insurance marketplace, said an individual found the backpack Friday on Trumbull Street, where Access Health is located. He said it contained four notebooks with personal information for approximately 400 individuals.
The hand-written notescontained information of possible clients’ names, dates of birth and social security numbers, according to police. Hartford Police Lt. Brian Foley said it’s unknown at this time whether personal information was compromised.
Read more on NBC.
Update: A friendly reporter sent me a copy of Access Health CT’s statement:
Statement from Access Health CT CEO Kevin Counihan:
“Earlier today, we received a report that an individual in Hartford discovered a backpack on Trumbull Street containing four notepads with personal information for approximately 400 individuals. The backpack also contained Access Health CT paperwork and it appears as though some of that personal information may be associated with Access Health CT accounts.
It is still unclear where the backpack came from, and we are working the Hartford Police Department to investigate, and contact the individuals whose information may be compromised.
I have directed Peter Van Loon, Chief Operations Officer, to work with Maximus, our call center vendor, and our outreach teams to address this situation as quickly as possible, including ensuring that we address the potential issue of identity theft. Our legal department is also in the process of filing all required state and federal breach reports.
I’ve asked him to report back to me as soon as possible with as much information as possible, and as soon as I have that information we will provide everyone with an update.
Let me be clear: we are sorry this happened. This is a very serious situation and we will hold the person or persons who are responsible to account.
We will work tirelessly until we have remedied this problem and can prevent any such reoccurrence.”