Maryland property insurer left customer data exposed

Maryland property insurer left customer data exposed | Insurance Business

Maryland property insurer left customer data exposed
A property insurer based in Maryland mistakenly left some of its customer data exposed online, potentially endangering its clients.

The insurer, Maryland Joint Insurance Association (MJIA), claims that there is no evidence that the data was accessed improperly.

California-based cybersecurity firm UpGuard found the insurer’s data exposed on the internet, and later informed MJIA of the vulnerability.

“They made us aware of the potential threat and we reached out to our own IT specialists who have taken care of the threat,” MJIA general manager Christopher Dooley told The Baltimore Sun. “We take securing data very seriously.”

MJIA confirmed that it had moved archived data months ago to a backup system, which was maintained internally. The company, however, failed to realize that the information lacked proper defenses.

The insurer also said that much of its current customer data is maintained by a secure outside firm.

Dooley assured most of the archived data was from former customers. Officials have yet to decide if they will notify individuals who may have been affected by the leak, as they do not believe any data was taken. There were no Social Security numbers or bank information among the exposed data.

Related stories:
Anthem data breach could expose personal data of thousands
Embarrassing Sony email leak teaches cyber brokers an important lesson