Over the last couple of days, I’ve gotten two notices from companies that I deal with regarding violations of privacy. In the first case, someone broke into the email database of my professional liability insurance company and sent out a bunch of emails. I got this apology:
Recently you may have received a suspicious e-mail which appeared to be sent by XXXXXX Services for the XXXXX Insurance Programs. Please be aware that this e-mail was not sent by us, but by an unauthorized third party. The third party illegally accessed our email vendor’s system to create the false appearance that XXXXX Services had sent the mailing.
[…]
To address this incident, the vendor has taken the following steps:
- They have notified law enforcement.
- They have implemented improved security controls to prevent this from happening again.
- They have confirmed that no viruses were sent in the message.
- They have assured us that no sensitive data was accessed or leaked.
[…]
Although our vendor’s e-mail system was illegally breached to send the e-mail, no customer data was removed or downloaded from our files. Moreover, the compromised computer system contained only your name, e-mail address, state, and firm name and address (if applicable.)
Yesterday, I got a letter from my professional organization regarding a lost hard drive:
We are contacting you about an indicent that affects you. A restored XXXXX computer hard drive containing certain member information being transported to the XXXXX cannot presently be located. The hard drive was damaged and had been sent out for repair by an employee in direct violation of the XXXX’s internal control policies and procedures.
[…]
We are contacting you because your name, address and social security number are on the hard drive. Your credit card information was not included.
[…]
We have partnered with ConsumerInfo.com, an Experian company, to provide you with a full year of credit monitoring free of charge.
Yikes! Haven’t these people learned anything about protecting data?
At least my personal property tax bills don’t have my social security number on them anymore.
VIVIAN J. PAIGE | All Politics is Local 