A newly discovered MedicareSupplement.com data breach has been identified, exposing a lot of sensitive information. The unfortunate reality is many companies are relying on cloud-based web storage without properly securing that storage with a strong password.

MedicareSupplement.com is not an insurance company. They are a marketing connection point that enables consumers to look for affordable insurance plans that their typical insurance coverage does not provide. When customers would look for additional coverage providers in their area through this platform, they had to enter a lot of personal information.

Information Accessed

The stored information for over five million users was left visible for anyone to find in the online database. It included names, addresses, email addresses and birth dates.

Cloud-based storage has its benefits if companies know how to protect it. By using third-party online storage providers, businesses do not run the risk of losing their customers’ information to theft, damage, natural disaster or any other physical cause. For many cloud storage providers, the default setting is “open” and non-password protected. It is up to the businesses to change that setting and close the gates on their data.

Identity Threats

There are a handful of dangers with this kind of accidental overexposure, as the MedicareSupplement.com data breach illustrates. Anyone who found the information could see names, IP addresses and email addresses, and use those for spam email campaigns, phishing attempts and other harmful activities. Since the types of insurance the customers were interested in was also visible, someone could have connected the dots to get a picture of consumers’ health care needs and medical information.

There is another serious threat to breaches like the MedicareSupplement.com data breach. Since the database was accessible to anyone who discovered it, a malicious hacker could have inserted malware into the database. The next time someone from the company legitimately accessed the stored database, it could potentially install that malware on the company’s network, leading to a far more serious data breach.

Next Steps

Right now it is unknown if anyone found or used the information in this stored database, so the MedicareSupplement.com data breach should be treated as a very serious event. Customers who have entered their information on this website need to be very mindful of potential spam, fraud attempts and medical identity theft. Furthermore, businesses who rely on cloud storage and online servers must secure their information with the proper security protocols.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Government Cracks Down on Robocalls

Millions of Venmo Payment Apps Accessed Publicly

Rental Car Risks: What it means for Your Identity