Texas data breach exposes personal information of 1.8 million people
The Texas Department of Insurance (TDI) released more information on Wednesday about a data breach discovered in January that exposed sensitive information from more than 1.8 million Texans.
The agency – which regulates Texas’ insurance industry – said the leak was “due to a programming code error that allowed internet access to a protected area of the application.”
The audit, sent to governor Greg Abbott and published on May 12, found that confidential information related to workers’ compensation claims may have been accessible to people outside of TDI between March 2019 and January 2022.
The information includes names, addresses, dates of birth, and phone numbers; part or all of their Social Security numbers; and information about injuries and workers’ compensation claims.
It previously said that it would be sending out breach notification letters to those affected. They did not respond to questions about how many of the 1.8 million Texans affected received letters.
TDI added that the notice it sent out on March 24 “was not dependent on or initiated by the SAO audit, nor was the timing of that notice related to the SAO audit or report.”
“The SAO was working on their audit during the time TDI was investigating the event and was in the process of preparing notices,” the agency claimed.
A forensic cybersecurity agency was hired to address the issue and the web application was put back online after the programming code was corrected.
The audit report noted that TDI needs to “strengthen” certain processes and controls to secure its confidential data and prevent unauthorized disclosure.