7 Million Excellus BlueCross BlueShield Customers' Personal Data Exposed
Posted by: Jon Ben-Mayor on 09/09/2015 05:41 PM
In another massive breach in security of a medical insurance provider, over 7 Million Excellus BC/BS customers' encrypted data has been exposed to cyber-attackers. The breach originally occurred in December 2013 and was left unchecked until discovered in August 2015. There are also 3.5 Million non-plan holders potentially affected.
President and CEO, Christopher C. Booth gave a statement regarding the incident; he says that on August 5, 2015, Excellus BlueCross BlueShield learned that cyber-attackers had executed a sophisticated attack to gain unauthorized access to our Information Technology (IT) systems. Our investigation further revealed that the initial attack occurred on December 23, 2013. As part of our own investigation, we notified the FBI and are coordinating with the Bureau’s investigation into this attack.
We worked closely with Mandiant, one of the world’s leading cyber-security firms, to conduct our investigation and to remediate the issues created by the attack on our IT systems. We are taking additional actions to strengthen and enhance the security of our IT systems moving forward.

Our investigation determined that the attackers may have gained unauthorized access to individuals’ information, which could include name, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account information and claims information. This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in the 31 county upstate New York service area of Excellus BCBS. Individuals who do business with us and provided us with their financial account information or Social Security number are also affected.
We sincerely regret the frustration and concern this incident may cause. We want you to know that protecting your information is incredibly important to us, as is helping you through this situation with the information and support you need.
As soon as they learned about the cyber-attack, Excellus immediately began working to close the vulnerability and contacted the FBI. It took time to figure out who was potentially affected. They have no evidence any data was removed at any point during this attack or that any of the compromised data has been used inappropriately since the attack. This strikes me as funny (not really funny in the laughing sense): why else would attackers access information if not to use it to make $$$?
As with any high-profile attack, be aware of emails asking you to verify information. They are a scam, and the "phishermen" are looking to piggyback the attack and gain access to your info. Period.
Excellus will not initiate any correspondence via email, so if you receive one regarding this it is strongly recommended that you:
DO NOT click on any links in email.
DO NOT reply to the email or reach out to the senders in any way.
DO NOT enter any information on any website that may open, if you have clicked on a link in the email.
DO NOT open any attachments that arrive with email.
If you are a subscriber, Excellus has set up a hotline for questions and concerns at 1-877-589-3331. They are also providing affected customers with two years free credit monitoring via Kroll.
*** You can also go a little further and place a 90 day fraud alert on the big three (Experian, TransUnion, and Equifax) but here's a little life hack, call Equifax at 1-888-766-0008 first - as they will forward the information over to the other 2 - saving you time from navigating the lengthy (and annoying) automated phone labyrinth 3 times! This service can be re-upped every 90 days; the extended 7-year fraud alert seems to require you to have a police report and is more tailored to someone that HAS had their information used fraudulently.