A startup that provides customer management software to independent insurance brokers has inadvertently leaked sensitive policyholder data.
The startup, Chicago-based AgentRun, had stored thousands of files for broker clients on an Amazon S3 storage bucket. Files included highly sensitive personal information like insurance policy documents, health and medical information, and even financial data.
However, the bucket was not secured with a password – which meant anyone could access the storage for information.
Andrew Lech, who founded AgentRun in 2012, informed the company’s clients of the breach in an email.
“We were migrating to this bucket during an application upgrade and during the migration the permissions on the bucket were erroneously flipped,” Lech explained.
The data bucket was closed within an hour of disclosing the leak, ZDNet reported.
Lech also said that his company will be notifying the proper authorities of the data breach, as per state laws.
Some of the insurance companies found in the exposed data include Cigna, Everest, Manhattan Life, SafeCo Insurance, Schneider Insurance, and TransAmerica.
AgentRun had claimed on its website that its service is “secure” and uses the “latest encryption standards” to protect its clients’ data, though ZDNet’s investigation found no evidence that any encryption was used on the bucket.