"Oregon Insurer Data Breach May Have Exposed Personal Info"

Oregon workers compensation insurer SAIF Corp. suffered a data breach last fall that may have exposed some policyholders’ Social Security numbers and medical information.  The company noted that much of the information was at least two decades old, but some who filed claims in September and October may have had medical information compromised.  SAIF is a not-for-profit organization that serves as the state’s leading provider of workers compensation coverage.  It has more than 54,000 policyholders, according to its 2021 annual report.  The company stated that they are unaware of any lingering threat or other illicit activity on their network.  The company said the breach occurred on October 24th and notified customers on December 8th.  The insurer said it hired outside security experts to help manage the incident, contacted law enforcement, and has no evidence that hackers have misused the data.  Subsequent analysis determined that most claimant and policyholder data was from prior to 2003.  The company stated that hackers may have accessed policyholders’ Social Security numbers, bank account numbers, and medical information.  The hackers may also have accessed claimants’ Social Security numbers, driver’s license numbers, bank account numbers, health insurance policy numbers, and medical history.

GovTech reports: "Oregon Insurer Data Breach May Have Exposed Personal Info"