Progressive officials confirmed this month that the Mayfield Village, Ohio-based company notified 13 people in January that personal information -- including their names, Social Security numbers, birth dates and property addresses -- had been accessed by an unauthorized employee who has since been fired.

Michael O'Connor, a spokesman for Progressive, said the company was alerted to the situation when a woman in Ohio complained about receiving calls from an agent inquiring about her house being under foreclosure. The employee "wrongly used the information in a real estate database," O'Connor said. He noted that although no hacking was done to get at the data, the agent's actions constituted a violation of Progressive's code of ethics.

"We investigated the situation, the employee was terminated, and we alerted the people whose data was accessed," he said, adding that the matter was resolved in January.

Malice and Accident

Such incidents underscore the threats posed to corporate data by malicious insiders and by workers who accidentally leak sensitive information, said Phil Neray, a vice president at database security tools vendor Guardium Inc.