Randall,

You may not have posted about this incident anywhere, but it sounds like a 
record of what happens does exist. Am I correct in assuming that local law 
enforcement got involved? I imagine this also causes claims to be made with the 
insurance providers of all parties involved. In addition, other involved 
parties may have posted to social media about the incident in which you were 
involved. So the number of organizations made aware of the incident is 
significant. Setting Occam's Razor aside for the moment, you can list a few 
different possibilities. If you were so inclined to research the issue further, 
this would be a great place to start.

First, there is always the possibility that someone is intentionally sharing 
data. Either your insurer or local law enforcement. Whether there is malicious 
intent or not is irrelevant, sometimes it's just pure greed at higher levels of 
management in an industry with weak regulatory oversight. 

Second, there is another (non-malicious) explanation having to do with 
unaddressed security breaches. We know insurance companies are slow to identify 
holes and have in the past been subject to data exfiltration over extended 
periods of time. Looking at you, Equifax ;)

Third, there are hidden "data sharing agreements" that often lurk within the 
world of Microsoft's Office365. I had the amusing opportunity to encounter this 
a few years ago while working for an IT contractor onsite for a large 
multinational corporation. My employer had a data sharing contract with 
Microsoft. This means Microsoft had access to all our accounts ("anonymous"... 
of course..) as part of some AI or analytics service. However, due to the 
nature of my work I and my coworkers rarely logged into our accounts since we 
were fully invested in the customer's IT world, with their O365 accounts. 

One day... and email was sent out with a special code that would link our 
customer O365 accounts to our employer O365 accounts, per the data sharing 
agreement with Microsoft. Needless to say, the customer found out any we all 
had to remove the link since it violated the customer's IT cybersecurity 
policy. Microsoft tried to leverage a large, multinational IT contractor to 
indirectly access internal company data. 


My point with that anecdote is this: The IT world is extremely Microsoft 
centric. And Microsoft is actively engaging in data exfiltration under the 
guise of Business Intelligence, AI Training, and general ease of use. So if you 
were in a car accident and a police officer showed up to assist, then a report 
was created and saved on his computer. At that moment he may have inadvertently 
triggered a sequence of events where that report (and all PII contained within) 
was distributed to various different agencies, contractors and databases for 
various different and perfectly legitimate reasons. At any step in that 
process, your data could have been exfiltrated and used to automate spam. 

AFAIK there is no regulatory framework in place that allows you to formally 
complain about data privacy concerns with a guaranteed result. There's no 
"HIPAA for auto insurance" and therefore there is no easy way to identify how 
your data ended up in unscrupulous hands.
-Ben


On Wednesday, July 30th, 2025 at 1:32 PM, American Citizen 
<website.read...@gmail.com> wrote:

> Absolutely did NOT post even a "." on social media.
> 
> On 7/30/25 07:11, Ted Mittelstaedt wrote:
> 
> > The other possibility is you posted about the accident on social media and 
> > the spam scrapers picked up the post.
> > 
> > Ted

Reply via email to