Ind. AG reaches settlement with WellPoint in consumer data breach

[Jeffrey Walton <noloader () gmail com>]

http://www.nwitimes.com/business/local/article_7feddb17-aa1c-5950-b743-cec018b84267.html
July 5, 2011

INDIANAPOLIS | Health insurer WellPoint Inc. will pay Indiana a
$100,000 settlement over a data breach where the personal information
of thousands of WellPoint customers was potentially accessible via the
Internet. The settlement resolves a lawsuit Indiana Attorney General
Greg Zoeller's office filed under a new data-breach notification law
passed in 2009.

"This case should be a teaching moment for all companies that handle
consumers' personal data: If you suffer a data breach and private
information is inadvertently posted online, then you must notify the
Attorney General's Office and consumers promptly. Early warning helps
minimize the risk that consumers will fall victim to identity theft,"
Zoeller said.

The data breach occurred when applications for individual insurance
policies submitted to WellPoint -- containing Social Security numbers,
financial information and health records -- were potentially
accessible through an unsecured web site from October 23, 2009, to
March 8, 2010. The records of 32,051 people in Indiana were
potentially accessible through the online application tracker website
operated by companies owned by or affiliated with WellPoint for
potentially anyone to see.

...
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/