Aetna Website Data Breach May Have Compromised Employee Social Security Numbers

A recent data breach at the insurance company Aetna may have lead to thousands of employee social security numbers being compromised. Aetna, a large insurance company, found out about a website breach earlier this month when several people started to receive spam messages that appeared to have come directly from Aetna and complained to the company. The spam messages resembled a response to a job inquiry asking for additional personal information from the recipient.

Since the discovery of the breach, Aetna has contacted 65,000 current and former employees whose social security numbers could have been stolen. In addition to those 65,000 persons contacted, 450,000 applicants who utilized the Aetna job application web site may have had their phone numbers, e-mail addresses and mailing addresses compromised. Aetna's spoke person, Cynthia Michener, said that the social security numbers for the 450,000 applicants were not stored on the website because it was handled by an outside vendor.

Details of the data breach will reveal that the spam campaign clearly identifies that the hackers were able to harvest email address from the web site. As of now it is not certain if any social security numbers of the 65,000 current and former employees were stolen but as a preventative measure Aetna has sent letters to all of them offering free credit monitoring for one year.

As for moving forward, Aetna has hired an IT forensics company to figure out how the breach happened so they can make changes so it will not happen again. If you visit the Aetna job site you may notice posted alerts warning people of the spam campaign.

Have you used the Aetna job site to fill out an application or to apply for a job? Have you received a spam message in the past month that appeared to have come from Aetna? Does this breach sound familiar to other instances where a big company's website was attacked?