Obamacare Employee Accidentally Sends Out 2,400 Social Security Numbers

[AllenChicago]

I haven't checked the MN exchange forum in ..................................................... ..............................................................................................never.

Allen, stuff like this needs to be in front of everyone in this forum

Right YAgents, I agree.

But you have to keep in mind that the owners of this forum designed the state forums so that visitors from specific states could go to a location and see information pertaining specifically to them. When I saw the info breach alert at 1:30am Friday morning, priority #1 was to post it in the Minnesota forum for the people that live in Minnesota to see. (If a storm is headed towards Minnesota, you warn Minnesotans first.)

Thankfully, Duaine also posted this information here for the rest of country, and his sources more detailed by that time. Both bases covered. This "breach" will probably just be one of many. I'm surprised the public learned of it, considering how compact it was.

It seems that the broker who mistakingly received these SSN's called the Star Tribune, who confronted MNSure exchange management. If he had taken this directly to the Exchange himself, no one would have ever known that there was a security breach.
-ac

 

[houcoogster]

Ha ha ha ha...
that's funny dude...

 

[Full Throttle]

I was one of those 2,400 agents to have my SS# emailed accidentally.

Sent me a generic email last week saying it was not a problem, all data recovered.

 

[RayNY]

All data recovered? That's like saying "last week's shooting is not a problem, all of the blood and bits of brains have been cleaned up".

 

[xrac]

Sent me a generic email last week saying it was not a problem, all data recovered.

Unless the agent in question decided to save a bootleg copy.

 

[houcoogster]

UNless the agent in question decided to save a bootleg copy.

The agent isn't the one in question here.

 

[RayNY]

Yes, he is.

The document was sent to a broker. The exchange walked them through deleting the file from their hard drive.

If he was to, say, forward it, copy it, save it under a different name, or fail to delete it from his recycle bin, he still has a "bootleg copy" as xrac said. Ever have an auto-forwarder set up? Who knows where else that e-mail bounced?

My mail server keeps a copy even if I delete it on my machine. It was sent un-securely and could have easily been intercepted, forwarded, or stored in cache along the line.

Items deleted from a computer are almost always recoverable, or at least readable, with the right program.

Moral of the story, that agent is at least part of the question. 2400 brokers? That might be damn near all of the personal information they have on record in the first place, for all we know, this is a dump of everything they have.

 

[MedSuppPro]

Minneapolis Star Tribune reported an Obamacare exchange employee in Minnesota accidentally sent out an email containing 2,400 Americans’ Social Security numbers.

“A MNsure employee accidentally sent an e-mail file to an Apple Valley insurance broker’s office on Thursday that contained Social Security numbers, names, business addresses and other identifying information on more than 2,400 insurance agents."

“An official at MNsure, the state’s new online health insurance exchange, acknowledged it had mishandled private data. A MNsure security manager called the broker, Jim Koester, and walked him and his assistant through a process of deleting the file from their computer hard drives.
“Koester said he willingly complied, but was unnerved.

“‘The more I thought about it, the more troubled I was,’ he said. ‘What if this had fallen into the wrong hands? It’s scary. If this is happening now, how can clients of MNsure be confident their data is safe?’”

LOL -- the MNsure security manager knows how to delete Fraudulent activity! You would think the MNsure security manager would also need to report this activity.

It could be that the file was created for a reason and was attached and sent to other intended recipients. It appears that nobody is investigating this possibility.

Why was this file created in the first place?

Who's checking MNsure's hard drives and email accounts to verify that this file wasn't also sent out to other intended recipients. Seriously, is this just getting brushed under the carpet so nobody knows the full extent of this potentially fraudulent act?

 

[xrac]

LOL -- the MNsure security manager knows how to delete Fraudulent activity! You would think the MNsure security manager would also need to report this activity.

It could be that the file was created for a reason and was attached and sent to other intended recipients. It appears that nobody is investigating this possibility.

Why was this file created in the first place?

Who's checking MNsure's hard drives and email accounts to verify that this file wasn't also sent out to other intended recipients. Seriously, is this just getting brushed under the carpet so nobody knows the full extent of this potentially fraudulent act?

All important questions that need to be answered. Somebodies head should roll for this type of screw up.

 

[RayNY]

Brokers were hurt, not citizens, and we're the "bad guys" in all of this some how, so no one cares. It's like when rich people get robbed, or a bully gets beat up. It's a terrible act but most people just plain won't care.

It's also before the exchanges open, so it's not like it really happened. I'm sure they have some "security wasn't in place/protocols weren't developed/employees weren't trained/encryption wasn't installed/etc" excuse.