On April 5, DataBreaches reported:
And then there’s the Texas Department of Insurance. They informed the Texas Attorney General’s office that 1,800,000 Texas were affected by a leak involving names, addresses, dates of birth, phone numbers, parts or all of Social Security numbers, and information about injuries and workers’ compensation claims. Anyone who had claim since 2006 might be affected.
Some news media in Texas appear to be catching up with the enormity of the story after the state released an audit report on May 12 showing that the data were exposed for three years. While specific findings and recommendations were not included in the public report for security reasons, the audit noted:
In March 2022, after audit fieldwork was completed, the Department
issued a notice that it had in January 2022 become aware of a data
security issue with a Department web application that manages
workers’ compensation information. Because of that issue, certain
confidential information related to workers’ compensation claims may
have been accessible to individuals outside of the Department between
March 2019 and January 2022. The confidential information at risk
included claimants’ names, addresses, dates of birth, and phone
numbers; part or all of their Social Security numbers; and information
about injuries and workers’ compensation claims. According to the
Department’s notice, the issue was caused by programming code that
allowed internet access to a protected area of the application. The
Department is offering 12 months of credit monitoring and identity
protection services at no cost to those who may have been affected by
the issue.