(Texas Tribune) — A massive security breach at the Texas Department of Insurance leaked the personal information of almost 2 million Texans for nearly three years, according to a state audit released last week.

The department said the personal information of 1.8 million workers who have filed compensation claims — including Social Security numbers, addresses, dates of birth, phone numbers and information about workers’ injuries — was accessible online to members of the public from March 2019 to January 2022.

Though personal information was compromised – the agency now says there’s no reason to believe the data was used.

According to TDI, it began investigating back in January this year. They worked with a forensic company, examining the information that was exposed. They didn’t find any evidence that anyone outside of TDI used the data.

The department did not officially acknowledge the security issue until the state auditor’s office conducted a review. After the audit, the Department of Insurance sent out a notice acknowledging it became aware of the issue in January.

The breach occurred because of an issue in the programming code in the department’s web application that manages workers’ compensation data. The issue in the code allowed members of the public to access a protected part of that online application, the department said.

The state’s insurance department said it would provide 12 months of free credit monitoring and identity protection services to individuals whose data was breached.

TDI said it is working to improve its security policies, though they didn’t specify what exactly staff will be doing to prevent this moving forward.

This article originally appeared in The Texas Tribune at www.texastribune.org. The Texas Tribune is a nonprofit, nonpartisan media organization that informs Texans – and engages with them – about public policy, politics, government and statewide issues.