Today’s reminder is from a breach I came across in reviewing records obtained in response to a Freedom of Information Act request I filed.
American Medical Response is a billing/collections agency. In the course of business, they routinely access a database maintained by Acxiom Insight.
Apparently, login credentials of an inactive employee were never properly terminated as there was access to the database between April 2009 and March 2010. AMR did not know about it, however, until Acxiom Insight first contacted them on August 31, 2011 to alert them. All told, 944 people had their files accessed. The files contained their names, addresses, phone numbers, and Social Security numbers.
Affected consumers were notified on January 12, 2012, but were not offered any free credit monitoring services. It’s not clear why Acxiom first detected the problem more than one year after it stopped occurring.
The breach was reported to NYS in January 2012, but doesn’t seem to have appeared in the media at the time.