(Reuters) – Insight Global, a vendor paid to conduct COVID-19 contact tracing in Pennsylvania, said on Thursday that some personal information collected by its employees during contact tracing may have been accessible to persons beyond authorized employees and public health officials.
The Associated Press reported earlier on Thursday that private information of at least 72,000 people, including their exposure status and their sexual orientation, may have been compromised. The report cited the state’s Health Department.
Insight Global said it became aware of the security vulnerability on April 21 and took steps to prevent any further access to or disclosure of information by April 23.
“Insight Global did not collect Social Security numbers, financial account information, or payment card information, and that type of information was not involved in this incident”, the statement said.
The vendor said it was working with the Pennsylvania Department of Health to identify any individuals whose information may have been affected, adding that third-party IT security specialists were engaged to help determine the scope of the incident.
(Reporting by Kanishka Singh in Bengaluru; Editing by Jacqueline Wong)
