A coding error in a portal of the Employee Retirement System of Texas inadvertently allowed some users to view the information of others, potentially exposing information on nearly 1.25 million of its members.
In a statement posted on its website, ERS, which administers retirement benefits, including health insurance, for state workers, says that on Aug. 17, it learned about a security issue involving its password-protected ERS OnLine portal that allowed “some, but not all,” ERS members to see some other members’ or certain beneficiaries’ information.
Prior to the flaw being recently corrected, “if a member went to the specific function and modified the search, they might have been able to see the first and last names, Social Security numbers and ERS member identification numbers – known as EmplIDs – for a limited group of members,” the statement says.
Source: Texas Retirement Agency Portal Breach Affects 1.25 Million / Bank Info Security