Health insurer Aetna, Inc., will provide 65,000 individuals with free credit monitoring for a year after its job application Web site was breached.
The Web site, which was maintained by the Taleo Corporation, had Social Security numbers of current and past employees and individuals who received job offers from the insurer.
The site reportedly held e-mail addresses for about 450,000 individuals who had applied for jobs or submitted resumes to the company and were waiting to be notified about job openings. Spokeswoman Cynthia Michener said Aetna doesn’t know how many were copied, but the site has been disabled and is undergoing a “thorough forensic review” by an outside company.
“The investigation did not conclude definitively that any other information was accessed,” said Michener, however she said Aetna was taking “precautionary measures”.
The Aetna home page contains an alert that says “spammers have sent e-mails claiming to be responding to a job inquiry from the recipient and requesting personal information. These emails are not from Aetna, but may appear to be. As with any suspicious e-mail, if you receive one, please delete it and do not forward the message.”
This is not the first time the Hartford, Conn.-based insurer has had to provide free credit monitoring services. In April 2006, Aetna notified approximately 38,000 members that an employee’s laptop computer containing certain personal member information was stolen from a car in a public parking lot.
Aetna CEO and President Ronald A. William said at the time, “In this case, our employee did not follow our corporate policies, and it was coupled with a criminal theft. In light of this, we are augmenting our efforts to ensure employee compliance with all Aetna security requirements.”
“Almost any company of any size has had a security breach. If they haven’t found one, then they aren’t looking,” said Lisa Sotto, partner and head of the Privacy and Information Management Practice at Hunton & Williams. “It’s important to be proactive, so there’s a plan in place. The best prepared companies have a plan on the shelf ready, and conduct mock breaches.”
“The key for any company that experiences a breach is to maintain the trust of the affected individuals,” she added. “In this case, providing credit monitoring was a move that was carefully designed to help maintain the trust of the individuals impacted.”
