Randall,
You may not have posted about this incident anywhere, but it sounds like a
record of what happens does exist. Am I correct in assuming that local law
enforcement got involved? I imagine this also causes claims to be made with the
insurance providers of all parties involved. In addition, other involved
parties may have posted to social media about the incident in which you were
involved. So the number of organizations made aware of the incident is
significant. Setting Occam's Razor aside for the moment, you can list a few
different possibilities. If you were so inclined to research the issue further,
this would be a great place to start.
First, there is always the possibility that someone is intentionally sharing
data. Either your insurer or local law enforcement. Whether there is malicious
intent or not is irrelevant, sometimes it's just pure greed at higher levels of
management in an industry with weak regulatory oversight.
Second, there is another (non-malicious) explanation having to do with
unaddressed security breaches. We know insurance companies are slow to identify
holes and have in the past been subject to data exfiltration over extended
periods of time. Looking at you, Equifax ;)
Third, there are hidden "data sharing agreements" that often lurk within the
world of Microsoft's Office365. I had the amusing opportunity to encounter this
a few years ago while working for an IT contractor onsite for a large
multinational corporation. My employer had a data sharing contract with
Microsoft. This means Microsoft had access to all our accounts ("anonymous"...
of course..) as part of some AI or analytics service. However, due to the
nature of my work I and my coworkers rarely logged into our accounts since we
were fully invested in the customer's IT world, with their O365 accounts.
One day... and email was sent out with a special code that would link our
customer O365 accounts to our employer O365 accounts, per the data sharing
agreement with Microsoft. Needless to say, the customer found out any we all
had to remove the link since it violated the customer's IT cybersecurity
policy. Microsoft tried to leverage a large, multinational IT contractor to
indirectly access internal company data.
My point with that anecdote is this: The IT world is extremely Microsoft
centric. And Microsoft is actively engaging in data exfiltration under the
guise of Business Intelligence, AI Training, and general ease of use. So if you
were in a car accident and a police officer showed up to assist, then a report
was created and saved on his computer. At that moment he may have inadvertently
triggered a sequence of events where that report (and all PII contained within)
was distributed to various different agencies, contractors and databases for
various different and perfectly legitimate reasons. At any step in that
process, your data could have been exfiltrated and used to automate spam.
AFAIK there is no regulatory framework in place that allows you to formally
complain about data privacy concerns with a guaranteed result. There's no
"HIPAA for auto insurance" and therefore there is no easy way to identify how
your data ended up in unscrupulous hands.
-Ben
On Wednesday, July 30th, 2025 at 1:32 PM, American Citizen
<website.read...@gmail.com> wrote:
> Absolutely did NOT post even a "." on social media.
>
> On 7/30/25 07:11, Ted Mittelstaedt wrote:
>
> > The other possibility is you posted about the accident on social media and
> > the spam scrapers picked up the post.
> >
> > Ted
