According to a public notice released by the Texas Department of Insurance, the personal information of roughly two million Texans was left exposed on the internet for three years due to a programming issue. The department stated that the details of workers who have filed compensation claims were left unsecured online. The security incident was addressed in a state audit report that was published last week. This means that from March 2019 to January 2022, personally identifiable information including Social Security numbers, addresses, dates of birth, phone numbers, and information about workers’ injuries was exposed to anyone who knew how to find it.

The public notice confirmed that TDI became aware of the security issue on January 4, 2022 after discovering a flaw in the TDI web application that manages workers’ compensation information. TDI is a state agency that oversees the insurance industry in Texans and ensures that companies are abiding by state regulations. According to the audit, TDI immediately took the application offline when it realized the flaw. A forensics company worked alongside TDI to determine the scope of the incident. TDI has also issued letters to individuals who submitted new workers’ compensation claims between March 2019 and January of 2022, offering 12 months of credit monitoring and identity protection services.

Read More: Personal Information of Nearly Two Million Texans Exposed