Highmark Data Breach (2011)

On August 9, 2011, Highmark sent an email to Benecon, among others, with a ZIP file attachment containing a number of documents. Unbeknownst to Benecon at time, Highmark had inadvertently included certain personal information in that attachment, including the names and SSNs of a number of individuals. On August 11, 2011, Benecon, not realizing that any personal information was included in the email attachment, archived the information to Benecon's broker portal located within the Benecon webpage. Subsequently, on August 15, 2011 Highmark sent Benecon a request to delete all copies of the email and the ZIP file attachment from the email accounts of all Benecon's employees who had received the email. This was promptly done; however, the contents of the ZIP file containing the personal information unknowingly remained archived on Benecon's broker portal. On September 23, 2013, Benecon was informed that the personal information existed on its broker portal webpage and could potentially be accessed by unauthorized persons. The broker portal was immediately taken offline to terminate the possibility that the personal information could be accessed by an unauthorized person.