Email contains personal data on thousands of insurance agents

Share this article:
Agents with a state online health insurance exchange in Minnesota may have had data compromised.
Agents with a state online health insurance exchange in Minnesota may have had data compromised.

Thousands of agents with state online health insurance exchange MNsure in Minnesota may have had personal data compromised when an employee inadvertently sent out an email attachment that contained the information.

How many victims? More than 2,400 insurance agents.

What type of personal information? Names, business addresses, license numbers and Social Security numbers, among other identifying information.

What happened? A MNsure employee inadvertently attached an Excel spreadsheet that contained the personal information to an email, which was then sent out to an Apple Valley insurance broker's office.

What was the response? Upon realizing the error, the MNsure employee contacted the Apple Valley insurance broker and asked him to delete the email with the file. MNsure officials followed up with more detailed instructions shortly after. All affected agents are being notified of the incident. An investigation is ongoing.

Details: The email and attachment was sent to the broker on Thursday.

Quote: “MNsure takes this incident extremely seriously,” a MNsure official said in a statement. “While it appears that this incident was accidental, MNsure will conduct a thorough investigation to fully understand the nature of the incident. MNsure has a data privacy policy in place, and this employee's action was a violation of this policy.”

Jim Koester, the recipient of the file, said that “the gorilla in the room is that they sent me something that's not even encrypted. It's unsecured, on an Excel spreadsheet – which is using outdated technology to transfer that information in the first place. They've got to realize they have a huge problem.”

Source: startribune.com, Star Tribune, “Errant e-mail creates security breach at MNsure,” Sept. 12, 2013.

Share this article:

Sign up to our newsletters

POLL

More in The Data Breach Blog

Fate of unencrypted drive unknown, PHI of 5,500 in Virginia at risk

A Virginia-based chiropractic center is not quite sure what happened to an unencrypted thumb drive, which contained personal information - including Social Security numbers - on more than 5,500 patients.

Iowa State server breach exposes SSNs of nearly 30,000

The breach impacts Iowa State students where were enrolled at the university between 1995 and 2012.

Three laptops stolen from New York podiatry office, 6,475 at risk

Nearly 6,500 patients of New York-based Sims and Associates Podiatry may have had personal information compromised after three laptops were stolen.