Texas data breach exposes personal information of 1.8 million people

The Texas Department of Insurance (TDI) released more information on Wednesday about a data breach discovered in January that exposed sensitive information from more than 1.8 million Texans. 

The agency – which regulates Texas’ insurance industry – said the leak was “due to a programming code error that allowed internet access to a protected area of the application.” 

The fact sheet was released by the agency after the Texas Tribune reported on a state audit of the incident conducted in March. 

The audit, sent to governor Greg Abbott and published on May 12, found that confidential information related to workers’ compensation claims may have been accessible to people outside of TDI between March 2019 and January 2022.

The information includes names, addresses, dates of birth, and phone numbers; part or all of their Social Security numbers; and information about injuries and workers’ compensation claims.

It previously said that it would be sending out breach notification letters to those affected. They did not respond to questions about how many of the 1.8 million Texans affected received letters.

TDI added that the notice it sent out on March 24 “was not dependent on or initiated by the SAO audit, nor was the timing of that notice related to the SAO audit or report.”

“The SAO was working on their audit during the time TDI was investigating the event and was in the process of preparing notices,” the agency claimed. 

A forensic cybersecurity agency was hired to address the issue and the web application was put back online after the programming code was corrected. 

The audit report noted that TDI needs to “strengthen” certain processes and controls to secure its confidential data and prevent unauthorized disclosure. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.