COLUMBIA, SC (WIS) - About a month ago, attorney Tom Dougall logged on to healthcare.gov to browse for cheaper insurance for him and his wife.
On Friday, the last thing he expected to hear on his voicemail was a man from North Carolina who says he can access all of Tom's personal information.
Dougall says he thought it was a scam until he realized his privacy had been breached.
"I believe somehow the ACA, the Healthcare website has sent me your information, is what it looks like," said Justin Hadley, a North Carolina resident who could access Tom's information on healthcare.gov. "I think there's a problem with the wrong information getting to the wrong people."
In a telephone interview, Hadley said he simply put in his username and password when Dougall's information appeared.
"The next page that came up was a page that prompted that I have a marketplace eligibility information to download. And that's when I clicked download and Mr. Dougall's information came up in a PDF document," said Hadley.
At first, Dougall didn't know what to think.
"We received a phone call from a gentleman named Justin in North Carolina who informed me that he had gone on the healthcare.gov website and when he logged in under his log in and password, he received a document of all of my and my wife's personal information," Dougall said.
Dougall said he thought it was a ploy.
"Initially I was concerned because I didn't know if this was some guy who was scamming me or if in fact this was a guy who really had my personal information," he said.
Hadley even provided proof, documents containing Tom's personal information and screen shots of the website.
"And you can see that he's actually signed in as Justin and it tells him he has notices about his marketplace eligibility and to download those and when he downloads it, the next screen shot shows him my personal information," Dougall said.
Dougall said now hadley cannot sign up for the coverage he needs because he's been blocked by Tom's personal information.
"I'm assuming I'm going to have to pay the penalty or tax or whatever they're calling it now for not having health insurance next year," said Hadley.
"We're told constantly that it's a secure system and it's not, obviously," Dougall said.
Having lived through one security breach in the state of South Carolina with the Department of Revenue, Dougall wonders what would happen if a professional hacker tried to log on.
"I tried to call healthcare.gov last night and they have no procedure whatsoever to handle security breaches," he said. "All they can do is try to sell you a policy."
Dougall has also contacted his congressmen. He says he's calling the Department of Health and Human Services directly on Monday.
"They're so concerned with trying to fix the problems they currently have that they refuse to acknowledge or won't acknowledge that there's been a major breach," Dougall said.
In the meantime, Dougall does not know how to secure his information.
"I think there's a problem with the wrong information getting to the wrong people," Dougall said.
We reached out the U.S. Department of Health and Human Services, they responded via email Sunday afternoon asking for more information about what happened to Tom and Justin.
Late Sunday, an HHS official said a security team is working to fix the issue. "We are aware of this issue and it is on our punch list of fixes, scheduled to be addressed in the very near future."
They added consumers can call the toll free number or access the online chat tool that is available 24/7.