CareFirst BlueCross BlueShield hacked; 1.1 million records stolen
Posted by: Timothy Weaver on 05/23/2015 09:48 AM [ Comments ]
Attackers gained access to a single company database containing the sensitive and personal information of more than a million of its current and former health insurance customers.
The health insurance company serves more than one-third of the U.S. population. It delivers health insurance to customers in the District of Columbia, Maryland and Virginia.
Social Security numbers, medical claims, employment, payment card and financial information were not exposed in the breach.
The database did contain member-created user names, names, birth dates, email addresses and subscriber identification numbers. Passwords were stored on a separate system.
Trent Telford, CEO of data security firm Covata,said: “If a company holds personal information on behalf of its customers, partners and employees it is its responsibility to encrypt it and remove the inherent value of this data for thieves and malicious actors. It is encouraging in the case of CareFirst BlueCross BlueShield that some of its valuable customer data is safe because it is encrypted. The more companies encrypt their customer data, the less they are going to be targets for attacks.”
CareFirst is offering affected customers two years of free credit monitoring services. Only those customers who registered an online account with CareFirst before June 20, 2014, would have been impacted by the breach.
Source: Threatpost
Social Security numbers, medical claims, employment, payment card and financial information were not exposed in the breach.
The database did contain member-created user names, names, birth dates, email addresses and subscriber identification numbers. Passwords were stored on a separate system.
Trent Telford, CEO of data security firm Covata,said: “If a company holds personal information on behalf of its customers, partners and employees it is its responsibility to encrypt it and remove the inherent value of this data for thieves and malicious actors. It is encouraging in the case of CareFirst BlueCross BlueShield that some of its valuable customer data is safe because it is encrypted. The more companies encrypt their customer data, the less they are going to be targets for attacks.”
CareFirst is offering affected customers two years of free credit monitoring services. Only those customers who registered an online account with CareFirst before June 20, 2014, would have been impacted by the breach.
Source: Threatpost
Comments