Incident & Breach Response , Security Operations

Retirees Hit by Website Breach

22,000 Social Security Numbers Posted on Delaware Site
Retirees Hit by Website Breach
In an unusual breach incident, the Social Security numbers, gender and dates of birth for about 22,000 retired Delaware state employees were posted for five days on a state website. The retiree's names, however, were not posted.

Aon Consulting, Chicago, says it advertently posted the information on the procurement section of a state website along with a request for proposals it had prepared to solicit bids from insurance companies interested in providing vision benefits for retirees. The company is a consultant to the Office of Management and Budget's Division of Statewide Benefits.

The information was posted Aug. 16 and removed Aug. 20 when the personal information was discovered, Aon says.

Aon is notifying those affected, as required under the HITECH Act breach notification rule, and offering them one year's worth of free credit monitoring from Experian.

The state's Office of Management and Budget, Department of Technology and Information, Office of the Attorney General and Pension Office are overseeing the steps Aon is taking to alert those affected and to prevent future incidents.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.