Programming vulnerability exposes retiree data

Share this article:
A database programming error exposed the personal information of tens of thousands of retirement plan enrollees at investment planning firm Lincoln Financial Group.

How many victims? 91,763.

What type of personal information? Names and Social Security numbers.

What happened? The issue involved a sensitive database maintained by affiliates The Lincoln National Life Insurance Co. and Lincoln Life & Annuity Co. of New York.  

Due to a programming weakness affecting the database search function, administrators were able to view information about individuals not part their plan. Consequently, if an administrator searched a participant's first or last name, the results would have included all plan participants with the same name, and displayed their Social Security numbers. The company was notified of the flaw July 18 by a plan administrator.

Details: The programming error existed in the database search function since 2009. There is no evidence to believe that information in the database was misused.

What was the response? Upon learning of the error, the company disabled the database search function. Once the issue was investigated, participants' Social Security numbers were truncated. The search feature has not yet been restored, as the company is still working on an appropriate solution. Affected individuals are being notified and offered free credit monitoring services.

Meanwhile, this is not the first data breach Lincoln has experienced in recent months. In July, the company said an email error exposed the names and Social Security numbers of 705 people.

Source: Letter to New Hampshire Attorney General Michael Delaney, August 15, 2011.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters



More in The Data Breach Blog

Malware on Breyer Horses website for about 18 months, payment card data ...

Malware installed on the computer server hosting the Breyer Horses website may have compromised personal information for people who made purchases between March 31, 2013 and Oct. 6.

Transcript website flaw exposed personal data on 98k users expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.