Combined Insurance Company of America
On Friday, October 30, 2020, an employee sent an email and mistakenly added the contact list of email recipients to the email itself. The list contained contact information of 415 individuals (independent contractors) and was emailed to all 415 individuals on the list. The contact list was not password protected. The employee who sent the email discovered the error and tried to recall it. On November 2, 2020, an email was sent to all recipients of the email instructing each of them to delete the original email and its attachment, to not retain any of the information contained in the email in any form, and to not disclose said information to any third party. Recipients were also asked to confirm deletion of the original email and its attachments without retaining or disclosing any of its contents. All responses are currently being tracked and followed up on.