In What World?

Sometimes when you encounter news stories concerning monumental stupidity, it’s possible to generate some sympathy for the poor fool (or fools) responsible. The Hughes-Kaiser HK-1, better known as the “Spruce Goose”, made perfect sense in the context of World War II, submarine warfare, and the need to move thousands of men rapidly across the Pacific Ocean during the final phases of the planned invasion of Japan. Charging interest rates that no one could possibly afford, seizing the defaulted property and selling it at a profit made perfect sense during the real estate bubble of the early 2000s, and running off to South America to sleep with a woman other than your wife probably didn’t seem any stupider than having sexual contact with an intern in the Oval Office or breaking into the Watergate complex, at least at the time. But even if we can accept that these decisions made sense, at least in context, it’s still hard to imagine what Universal American Insurance thought it was doing when it mailed out 80,000 postcards to its customers with their account information and Social Security numbers on the back…

As noted by the local CBS affiliate, WGAL the company was working through a third-party vendor, and never intended to send out either the Medicare ID numbers or Social Security numbers. However, I think we are correct in asking why the company didn’t know such a mailing was being sent, why the vendor would be sending such a mailing without the client’s approval, and why the vendor itself though this was ever a good idea in the first place. What possible purpose could there be in sending a mailing to people reminding them of information they would have had to provide to the insurance company when they signed up, and in what world could anyone possibly have thought that having sensitive personal information printed where anyone could see it would be a good idea?

It’s even more egregious, in a way, because a similar blunder occurred in New York about fifteen years ago. The local telephone company (NYNEX) noticed that its customers were not using their “calling card” codes to make calls from pay phones (this was before cell phones were common), and decided that these customers had forgotten their personal ID numbers. So they printed the codes, along with the connected telephone numbers, onto post cards and sent them to all 500,000 or so of their customers. The resulting costs (changing the codes to something that hadn’t been leaked to the public, people refusing to pay for telephone service they claimed not to have used and calls they hadn’t made, associated lawsuits, etc.) would have destroyed any smaller company, and was almost certainly a contributory cause of NYNEX being acquired by Bell Atlantic under very favorable terms a few years later. But apparently nobody at Universal American Insurance, or at least its mailing vendor, ever heard about this case…

For the moment, things seem to be resolving in the present case. Universal American Insurance is offering all of its customers a year of free credit monitoring, and there don’t seem to be any reports of massive Medicare fraud in Pennsylvania or any of the surrounding states. In the meanwhile, I’d have to say that this case serves as a warning to every company out there that has sensitive customer information to be careful with it. Don’t assume that just because something seemed like a good idea at the time that it won’t turn out to be compared unfavorably to the Dot-com crash, the Mortgage crisis, or the decision to give a performance artist $55,000 to place a giant inflatable banana into low Earth orbit. Because in our world, it might be…