P2020-ND-049

Combined Insurance Company of America

The Organization takes electronic insurance policy applications from consumers in the normal course of business. Typically, an agent will meet with a consumer to complete an application, including a needs analysis. Information is uploaded to the Organization?s e-Agent platform. In September 2019, as part of a routine compliance audit, staff noticed 3 instances where the name on the needs analysis document did not match the name on other policy documents. Further investigation found that if an agent failed to properly clear the needs analysis information for a previous customer, the previous customer?s information might inadvertently become associated with a new applicant. The breach occurred between November 2017 and September 2019. The problem was identified September 18, 2019. The Organization reported it was not aware of any actual or attempted misuse of the personal information at issue.

File Type: pdf
Categories: 2020
Tags: Unauthorized access