The News Journal reports that the information appeared on the state’s procurement Web site from August 16 to August 20, and included the retirees’ Social Security numbers, dates of birth and gender. Retirees from state government — including teachers, state police and the judiciary — potentially are affected by the breach. Local government retirees and volunteer firefighters are not affected.
According to the news report, Aon said it accidentally included the personal information in a request for proposals it had prepared to solicit bids from insurance companies interested in providing vision coverage to state employees and retirees. Spokesman Joe Micucci explained that insurers need age and other information on the pool of people to be covered to prepare a bid, and that is normally done by using a random series of digits assigned to individuals to shield their identity.
However, “the information that should have been randomized was not,” Micucci said. Aon is investigating how the identifying information ended up in the request for proposals in order to prevent any similar incidents.
Brenda Lakeman, Delaware’s director of statewide benefits, said earlier versions of the request for proposals were reviewed internally, and none contained the confidential information, but the final version did, and no one spotted it.
The News Journal said the breach came to light when an insurer called the state Office of Management and Budget with a question about the request for proposals, and an OMB employee opened the request and spotted the information. The RFP was immediately taken off the Web site.Aon Consulting is mailing letters to all 22,000 retirees affected by the data breach, and is offering one free year of credit monitoring by credit bureau Experian to those affected.