The Texas Department of Insurance (TDI) discovered a massive data breach that included the private information of around 1.8 million Texas residents. The institution has now explained what happened.
While many data breaches are caused by attackers compromising the infrastructure of a company or institution, that’s not the only way to expose precious data. Some of the data breaches are the result of negligence or simple mistakes. The good news is that malicious actors don’t always notice misconfigurations, and the data remains safe, albeit exposed.
The Texas Department of Insurance is an institution that regulates the insurance market in Texas, which means they interact with a lot of private information.
“In January 2022, TDI found the issue was due to a programming code error that allowed internet access to a protected area of the application,” said TDI in a press release. “TDI promptly disconnected the web application from the internet.”
An audit is usually required in such situations, which is exactly what happened. The problem is that it was impossible to say for sure that no third parties accessed the data while it was available between March 2019 and January 2022, according to The Texas Tribune.
The audit found that the exposed information contained the claimants’ names, addresses, dates of birth, and phone numbers, part or all of their Social Security numbers, and information about injuries and workers’ compensation claims. The report also mentions that some of the information was omitted because it might pose risks related to public safety, security or private or confidential data disclosure.
TDI said it would contact all 1.8 million people potentially affected by the data breach, but it’s unclear how many have been informed so far.
Has your data been exposed in a data breach? Check now if your personal info has been stolen or made public on the internet with Bitdefender’s Digital Identity Protection tool. If you are looking for a comprehensive, check out Bitdefender Ultimate Security, which also includes Digital Identity Protection and unlimited VPN, among many other features.