Newsroom

May 21, 2015

1.1M affected by CareFirst BlueCross BlueShield breach

Health insurer CareFirst BlueCross BlueShield announced on Wednesday that a data breach compromised the personal data of as many as 1.1 million consumers, including their names, birth dates, email contacts and insurance identification numbers.

CareFirst said the information did not include Social Security numbers, credit card information or medical information. KrebsOnSecurity reported that there is evidence of the involvement of the same state-sponsored hackers in China believed to have been behind previous attacks on Anthem and Premera.

In February, Anthem, the second-largest health insurer in the country, confirmed a data breach that exposed Social Security numbers and other personal data, and that may have affected as many as 79 million consumers. After the Premera breach was announced in March, CareFirst told The New York Times that it created a taskforce to examine its system, and found a breach had occurred in June 2014.

CareFirst will offer credit monitoring and identity theft protection to its customers for two years.

NAFCU staff will continue to monitor the data security debate in Congress, and to push for meaningful action from lawmakers. To further encourage passage of the "Data Security Act," NAFCU is running an ad in National Journal's CongressDaily this week. The ad highlights the recurrence of retailer data breaches and how breaches affect consumers.