CDI Notifies Applicants of Unauthorized Access to Private Information on Computer Server

A California Department of Insurance (CDI) computer server, used for pre-licensing purposes, was reportedly accessed without authorization on June 30, 2004.

The Department is sending individual letters to the 599 applicants who were in the process of applying for insurance producer licenses and whose information was on the computer server at the time of the security incident.

Upon discovery of the unauthorized access, as required by state policy, the Department of Insurance immediately notified the California Highway Patrol and the Department of Finance, Technology Oversight Security Unit. CDI will continue to participate in their investigation until it is completed.

Although the accessed computer server contained applicants’ names, addresses, and social security numbers, this information was encrypted and it is reportedly highly unlikely that information was compromised. The Department of Insurance reportedly employs one of the best levels of encryption software on the market in order to ensure that information, even if accessed, is highly unlikely to be decrypted into anything useful. CDI has also taken additional security measures to prevent unauthorized accesses in the future.

While the Department of Insurance does not believe that private information has been revealed, it still suggests that the individuals contacted by letter order a credit report to verify that there is no unauthorized activity. Even if individuals in this incident choose not to order credit reports at this time, the California Office of Privacy Protection recommends that everyone check their credit report at least once a year.

Applicants who were in the process of applying for an insurance producer license from the Department and are concerned that their information may have been impacted, should call Archie Alimagno, the Department’s Information Security Officer, at 916/492-3353.