They almost certainly did not. They likely just hired a cheap contractor to get their service up, and went with it when "it worked".
The contractor (who was certainly incompetent) probably looked at a bunch of nightmarishly complex identity API's and said "F** it!", combine that with being grossly underpaid and you get stuff like this.
It's a bad situation, of course, and involving threatening lawyers makes it even more ugly. But I can understand how a very small business (knowing nothing about IT other that what their incompetent contractor told them) might get really offended and scared shitless by some rando giving them a 30-day deadline, reporting them to authorities, and demanding that they contact all affected customers.
Most likely, the insurance company handles the actually insurance policies, claims, payouts, etc themselves, but uses a contractor to build their website, user portals, etc.
crispyambulance|9 days ago
The contractor (who was certainly incompetent) probably looked at a bunch of nightmarishly complex identity API's and said "F** it!", combine that with being grossly underpaid and you get stuff like this.
It's a bad situation, of course, and involving threatening lawyers makes it even more ugly. But I can understand how a very small business (knowing nothing about IT other that what their incompetent contractor told them) might get really offended and scared shitless by some rando giving them a 30-day deadline, reporting them to authorities, and demanding that they contact all affected customers.
master-lincoln|9 days ago
But that is ok I think. They should get scared enough to not risk such a neglect again
skrebbel|9 days ago
pimlottc|9 days ago
JHorse|9 days ago