The software behind websites can contain millions of lines of code. And you don’t need to look far to see how a small error can lead to a large release of personally identifiable information (PII), protected health information (PHI), or corporate intellectual property (IP).
Consider these examples from the past year:
- Citi Bike Accounts: In April, a software glitch accidentally exposed credit card and contact information (PII) of more than 1,000 customers of Citi Bike, New York City’s bike-sharing system.
- Snapchat: In December, hackers posted the user names and phone numbers of 4.6 million Snapchat users by exploiting a known vulnerability in the site’s software. Snapchat allows users to send photos that disappear in 10 seconds or less.
- Medicaid Cards: Last month, the Department of Health and Human Services in North Carolina mailed the Medicaid cards of more than 48,000 children to the wrong addresses. The cards contained children’s names and dates of birth (PII), as well as Medicaid identification numbers and the names of their primary care doctors (PHI). State officials blamed the errant mailing on a computer programming error.
Even the most experienced programmers can inadvertently create coding errors or bugs when developing software. Many of those errors are found and addressed before the programs are released. But with the massive size and complexity of programs today, it’s become common for developers to release software to the public with minor bugs or discover bugs later that need to be fixed (think of all the updates you receive to fix bugs on your cell phone apps).
A program crashing on your cell phone may not be a big deal. But what happens if a software bug in your company’s computer system ends up revealing customers’ personal information? Insurance can help. A cyber policy providing programming errors and omissions liability coverage may address a company’s damages and legal fees when errant programming causes the release of customers’ private information.
If the fear of a software error is bugging you or you would like to learn about other aspects of cyber-liability insurance, feel free to e-mail me at sdougherty@iso.com. Also, make sure to follow me on Twitter @doughertyshawn.
Stay tuned for the next blog post in our Cyber Monday Series.