Who Breached: WellPoint Inc.
Number Affected: 128,000
Information breached: Social Security Numbers (maybe)
How: exposed online over the past year

The personal information of 128,000 WellPoint customers in 7 states was exposed online over a one-year period. The information may have included Social Security Numbers and pharmacy or medical data.

Two WellPoint servers maintained by an outside data management vendor, unidentified, were the source of the security breach. Early last year, it was known that a server was improperly secured and that information for 1350 customers may have appeared online. That breach was fixed. However, a second server was recently found to be insecure, putting an additional 128,000 customers at risk for the period of about a year. The information appeared online, but had ‘code protection’ to prevent it from being found via a search engine.

WellPoint spokeswoman Shannon Troughton says that the problem has been fixed and that customers are being notified. Credit-monitoring services are being offered for one year. It is not clear why an investigation into the security of all servers with the vendor was not conducted after the first error was found.

WellPoint is not new to security issues. In October 2006, stolen back-up computer tapes exposed the data of 200,000 members and in 2007, data for 75,000 members went missing during a shipment between vendors.

Via business week Tags: , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati