A US health insurance company, Centene Corporation, has admitted that it has lost six hard drives that contained the records of around 950,000 people.
Personal information such as customer names, addresses, social security numbers, health information and dates of birth are amongst the pieces of data that have been lost. The company says that there is no financial or payment information contained on these drives. The data that were lost related to people who received laboratory service between 2009 and 2015.
The company's chief executive, Michael Neirdorff, released a statement regarding the data loss, in which he said:
While we don't believe this information has been used inappropriately, out of abundance of caution and in transparency, we are disclosing an ongoing search for the hard drives
According to the company, the drives were being used as part of a data project, to improve the health outcomes for its members. Customers who have been affected by the data loss will be contacted by Centene Corporation and offered a free healthcare monitoring service.
Due to the significant amount of data lost, security researchers and analysts are worried about how people with ill-intent will be able to use the information contained illegitimately. Paul Farrington, from security company Veracode explained the potential issue in a statement:
if this data was found and accessed, it could lead to fraudsters piecing together a bigger picture of information on individuals that could be used to trick users into giving away money, power and information to people who would do harm.
There's no shortage of examples of user data falling into the wrong hands and being shared online - particularly on the dark web. Data from previous breaches, such as those affecting Hello Kitty and TalkTalk, have offered up plenty of information that could potentially be abused by identity thieves and other criminals.