From their press release:
LaPorte & Associates, Inc. (“LaPorte”) today announced an incident involving potential unauthorized access to a laptop containing certain personal information. LaPorte is an insurance agency that provides, among other things, insurance procurement, consultation, and support services for its clients.
The data potentially subject to unauthorized access varies, but includes some combination of the individual’s name, mailing address, Social Security numbers, driver’s license numbers, health insurance numbers, claims information, dates of service, provider names, diagnoses or treatment information, and explanations of benefits, invoice amounts, and invoices.
On January 9, 2018, LaPorte learned that a laptop belonging to one of its agents was stolen. When LaPorte learned about the theft, it immediately secured the employee’s email account, took steps to prevent any remote access to LaPorte’s systems, began an investigation, and engaged a leading forensic firm. LaPorte has no evidence to date that any data on the laptop has been used inappropriately.
Letters to those impacted by the incident for whom LaPorte has an address are being mailed. These letters include an explanation of the incident, an offer of free identity protection and restoration services for applicable individuals and information about additional ways impacted individuals can protect themselves.
To Learn More
LaPorte has established a dedicated assistance line for anyone seeking additional information regarding this incident. This assistance line can be reached at 877-586-8265, Monday – Friday, 6am – 6pm PST.
Identity Protection Tips
LaPorte recommends that impacted individuals enroll in the complimentary identity protection and restoration services. In addition, LaPorte recommends that impacted individuals review their account statements, medical bills, health insurance Explanations of Benefits statements, and credit reports regularly for suspicious activity. Report all suspicious or fraudulent charges to your health insurance provider, bank, or credit card company.
A substitute notice appears on their web site, here.
So…. was the agent violating any policy if there was unencrypted information of these data types on the laptop? And where was the laptop stolen from – an office or a car or a home, or….? And what is LaPorte doing to prevent a recurrence of this type of breach? And how many are being notified? As always, I have questions…..