*****SPAM***** [ISN] California Department of Insurance Computer Hacked, Agents Notified

From: InfoSec News (isn@private)
Date: Fri Jul 16 2004 - 00:28:03 PDT

SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam.  The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM: Content analysis details:   (5 hits, 5 required)
SPAM: Hit! (2.7 points)  Subject contains lots of white space
SPAM: Hit! (2.3 points)  BODY: Talks about social security numbers
SPAM: -------------------- End of SpamAssassin results ---------------------


SACRAMENTO - A California Department of Insurance (CDI) computer
server, used for pre-licensing purposes, was accessed without
authorization on June 30, 2004. The Department is sending individual
letters to the 599 applicants who were in the process of applying for
insurance producer licenses and whose information was on the computer
server at the time of the security incident.

Upon discovery of the unauthorized access, as required by state
policy, the Department of Insurance immediately notified the
California Highway Patrol and the Department of Finance, Technology
Oversight Security Unit. CDI will continue to participate in their
investigation until it is completed.

Although the accessed computer server contained applicants’ names,
addresses, and social security numbers, this information was encrypted
and it is highly unlikely that information was compromised. The
Department of Insurance employs one of the best levels of encryption
software on the market in order to ensure that information, even if
accessed, is highly unlikely to be decrypted into anything useful. CDI
has also taken additional security measures to prevent unauthorized
accesses in the future.

While the Department of Insurance does not believe that private 
information has been revealed, it still suggests that the individuals 
contacted by letter order a credit report to verify that there is no 
unauthorized activity. Even if individuals in this incident choose not 
to order credit reports at this time, the California Office of Privacy 
Protection recommends that everyone check their credit report at least 
once a year.

Applicants who were in the process of applying for an insurance 
producer license from the Department and are concerned that their 
information may have been impacted, should call Archie Alimagno, the 
Department's Information Security Officer, at 916/492-3353.

Help InfoSec News with a donation: http://www.c4i.org/donation.html

This archive was generated by hypermail 2.1.3 : Fri Jul 16 2004 - 02:13:53 PDT