Insurance Misstep May Compromise Personal Data for 32K People

(TNS) — The personal data of 32,276 USAA members was put at risk through what the San Antonio insurance and financial services company said was the mistaken posting of their information to another member's online account.

Nearly 4,200 of those are Texans, according to the company's report to the state attorney general.

In a notice to affected members, USAA said its investigation found no indication of fraud or identity theft resulting from the incident, which exposed members' names, addresses, Social Security and drivers license numbers, dates of birth and medical information.

It resulted from what the company told the Office of the Maine Attorney General was an "internal system breach."

JUNE, 2023: USAA: Data breach gave 'unauthorized individuals' access to about 19,000 members' personal info

According to notices USAA mailed Aug. 27 to its affected members, the breach occurred April 13 during a "routine update to our document delivery system." The mistake was discovered April 30.

"As a result of the error, some documents for members with property and casualty insurance products through USAA were inadvertently posted to another member's online account," it said. "Based on our investigation, which concluded on July 31, 2024, we determined that

some of your personal information may have been inadvertently disclosed to another USAA member."

The letter from Jeff Kennedy, who signed the letter as chief privacy officer but was promoted in April to chief security officer, said USAA "promptly took corrective steps to remove the inadvertently posted documents" and has since taken measures to prevent it from happening again.

It offered a complimentary two-year membership to Experian IdentityWorks, a product it said provides detection and resolution of identity theft.

READ NEXT: Who could replace Wayne Peacock as CEO of USAA?

Data breaches have become an increasingly common occurrence across the country and have hit many well-known San Antonio institutions including health systems, universities and financial and technology companies in recent years. The April breach wasn't the first for USAA.

In June 2023, USAA reported the personal information of an estimated 19,000 members had been exposed online. In the breach that occurred between Dec. 20, 2022 and May 18, 2023, it said a third-party contractor shared member access credentials with unauthorized individuals, giving them access to members' personal and financial information.

The company last year provided insurance, banking and retirement solutions to more than 13.5 million members of the U.S. military, veterans and their families.

© 2024 the San Antonio Express-News. Distributed by Tribune Content Agency, LLC.