Aetna‘s motto is “We would like to know”…
a) about security
b) how they got in
c) damage control 101
or
d) why these kids are on my lawn.
From Softpedia:
Aetna, one of the largest health care benefit companies in the U.S., alerted around 65,000 current and former employees that their Social Security Numbers might have been stolen by hackers. The breach occurred on the company’s job application website, which was being maintained by a partner.
A few weeks ago, the insurance firm started receiving complaints from numerous people regarding spam e-mails sent in its name. The messages were actually part of a phishing campaign and claimed to be responses to job applications. The targeted individuals were being asked to provide additional personal information.
Oops. This happens so often for major corporations that it has become a sad joke. My curiousity would be if employees could be compromised this easily what security is in place around client data? Apparently there are roughly 450,000 users registered on the site. “Could have been worse” is a phrase that was said to me but, does that make it better?
Oh, and did I ever mention how much I enjoy the spin?
The company is fairly certain that at least e-mails have been stolen, but has no evidence regarding the SSNs yet.
Ugh.
Until people start suing for this more often, there’s really no push for companies to get security right. Since so many of them are so bad at it and so many have had breaches and all they get is a minor PR problem. But who’s going to sue the company they are currently working for? I think I’d probably try to go after them in small claims court if it happened to me.
They are also fairly certain the hackers were part of a cooperative team effort composed of members from exclusively Russia and China…
@Matt
Ah, the Chinese and Russian hobgoblins that plague the world…. *sigh*