Programming vulnerability exposes retiree data

Share this article:
A database programming error exposed the personal information of tens of thousands of retirement plan enrollees at investment planning firm Lincoln Financial Group.

How many victims? 91,763.

What type of personal information? Names and Social Security numbers.

What happened? The issue involved a sensitive database maintained by affiliates The Lincoln National Life Insurance Co. and Lincoln Life & Annuity Co. of New York.  

Due to a programming weakness affecting the database search function, administrators were able to view information about individuals not part their plan. Consequently, if an administrator searched a participant's first or last name, the results would have included all plan participants with the same name, and displayed their Social Security numbers. The company was notified of the flaw July 18 by a plan administrator.

Details: The programming error existed in the database search function since 2009. There is no evidence to believe that information in the database was misused.

What was the response? Upon learning of the error, the company disabled the database search function. Once the issue was investigated, participants' Social Security numbers were truncated. The search feature has not yet been restored, as the company is still working on an appropriate solution. Affected individuals are being notified and offered free credit monitoring services.

Meanwhile, this is not the first data breach Lincoln has experienced in recent months. In July, the company said an email error exposed the names and Social Security numbers of 705 people.

Source: Letter to New Hampshire Attorney General Michael Delaney, August 15, 2011.

Share this article:

Sign up to our newsletters


More in The Data Breach Blog

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

About 1,700 people in the Dominion Resources employee wellness program have been notified that their data was accessed in a breach.

Document posted to California city website, employee data accessed

In California, a document posted to the City of Encinitas website contained data on hundreds of current and former city staffers.