[ISN] California Department of Insurance Computer Hacked,
isn at c4i.org
Fri Jul 16 03:28:03 EDT 2004
SACRAMENTO - A California Department of Insurance (CDI) computer
server, used for pre-licensing purposes, was accessed without
authorization on June 30, 2004. The Department is sending individual
letters to the 599 applicants who were in the process of applying for
insurance producer licenses and whose information was on the computer
server at the time of the security incident.
Upon discovery of the unauthorized access, as required by state
policy, the Department of Insurance immediately notified the
California Highway Patrol and the Department of Finance, Technology
Oversight Security Unit. CDI will continue to participate in their
investigation until it is completed.
Although the accessed computer server contained applicants names,
addresses, and social security numbers, this information was encrypted
and it is highly unlikely that information was compromised. The
Department of Insurance employs one of the best levels of encryption
software on the market in order to ensure that information, even if
accessed, is highly unlikely to be decrypted into anything useful. CDI
has also taken additional security measures to prevent unauthorized
accesses in the future.
While the Department of Insurance does not believe that private
information has been revealed, it still suggests that the individuals
contacted by letter order a credit report to verify that there is no
unauthorized activity. Even if individuals in this incident choose not
to order credit reports at this time, the California Office of Privacy
Protection recommends that everyone check their credit report at least
once a year.
Applicants who were in the process of applying for an insurance
producer license from the Department and are concerned that their
information may have been impacted, should call Archie Alimagno, the
Department's Information Security Officer, at 916/492-3353.
More information about the ISN