June 9, 2009 | last updated May 26, 2012 7:43 am

Aetna named in security-breach lawsuit

Hartford health insurer Aetna Inc. is being sued for a data breach that allegedly exposed current, former and prospective employees' personal information to the Web.

The class-action suit was filed in a Pennsylvania District Court last Friday. It claims that Aetna allowed hackers to enter its Web site and gain access to Social Security numbers from about 65,000 current, former and potential employees and demands credit monitoring, punitive damages, costs and other relief.

Aetna spokeswoman Cynthia Michener said today the company "did the right thing by proactively notifying people about this incident." It is offering free credit monitoring to those who have been affected, Michener said, "even though our independent IT security consultant has not determined that any information was accessed beyond email addresses."

"It's unfortunate that we're being sued for acting with integrity and honesty," she said.

The suit was brought by Cornelius Allison, a Pennsylvania resident who worked for Aetna from 1998 to May 2005.

In January, Allison applied for another position at Aetna and entered his personal information into the company's Web site. Months later, he received a letter from Aetna stating that his personal information may have been compromised in a data breach.

Last month, Aetna sent out similar letters to 65,000 other current and former employees whose Social Security numbers may have been compromised on the company's job application Web site, which holds names, phone numbers, e-mail and mailing addresses for up to 450,000 applicants, the complaint said.

The company found out about the breach when people began receiving spam messages that appeared to come from Aetna and purported to be a response to a job inquiry and requested more personal information.

The complaint alleges that "Aetna unlawfully failed to maintain reasonable systems and procedures to protect (Allison's) and (other employees) information."

The suit also alleges that the company failed to follow its own privacy policy, and charges it with negligence, breach of implied contract, negligent misrepresentation, and invasion of privacy.

According to the complaint, Aetna also suffered a similar data breach in 2006.

Copyright 2017 New England Business Media