Aetna notifies 65,000 of job website breach

By SearchFinancialSecurity.com staff 28 May 2009 | SearchFinancialSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Aetna Inc. notified 65,000 people, most of them current and former employees, of a website breach that may have exposed their Social Security numbers and other personal information.

The Hartford, Conn.-based insurance company discovered the breach the week of May 4, after receiving complaints from employees and others about an email scam, said Aetna spokesperson Cynthia Michener. Intruders had accessed email addresses in Aetna's job application website and database, which is hosted by an external vendor. The email addresses were used in spam messages that claimed to respond to a job inquiry and requested personal information.

Personal information about Aetna job applicants is included in the database, making it possible that other information was exposed, she said. For people who were offered jobs with Aetna, that information includes names, addresses, Social Security numbers, and phone numbers. The data didn't include any financial or health information.

Although there is no conclusive evidence that information other than email addresses was accessed, Aetna notified 65,000 people who had a Social Security number in the database as a precautionary measure, Michener said. The vast majority of those notified are current and former employees, along with people who were offered jobs. The company also offered them credit monitoring.

"We took immediate action to prevent further unauthorized access, and hired an external IT security firm to thoroughly investigate and institute additional protective measures with our vendor," Michener said.

The investigation hasn't reached a definitive conclusion on how intruders accessed the email addresses, she said.

Immediately after discovering the breach, Aetna immediately took down the job application site while it investigated the incident and put up notices on Aetna.com and employee intranet to alert people about the email scam, Michener said.

Tags: Data breaches and prevention strategies,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data breaches and prevention strategies Bank computer technician indicted in identity theft scheme Survey: Consumers don't trust banks to keep their data secure ChoicePoint settles with FTC over second data security breach Data breach lawsuit puts spotlight on bank's security measures Google ordered to deactivate Gmail account after bank email error Threat of insider fraud growing with bad economy Data breach protection: Implementing vendor breach safeguards Zeus Trojan hitting banking customers hard TJX settles with banks for $525,000 RBS WorldPay agrees to market VeriFone end-to-end encryption

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Governance, Risk and Compliance  (SearchFinancialSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary