A data breach may have exposed sensitive information of 11 million customers and employees of a major health insurer in the northwest United States.
Premera Blue Cross, based near Seattle in Mountlake Terrace, Wash., said it discovered Jan. 29 that it had been the victim of a “sophisticated attack” that gained access to its information technology systems.
The attackers may have accessed names, addresses, email address, telephone numbers, dates of birth, Social Security numbers, member identification numbers, medical claims information and bank account information of customers dating back to 2002, the company said.
“The security of Premera’s members’ personal information remains a top priority. We at Premera take this issue seriously and sincerely regret the concern it may cause,” said Premera Chief Executive Jeff Roe. “As much as possible, we want to make this event our burden, not that of the affected individuals, by making services available today to help protect people’s information.”
The announcement comes one month after Anthem Blue Cross said a massive cyberattack had affected about 79 million customers in the United States. About 13.5 million Californians were affected in that attack.
The latest breach hit Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska and their affiliate brands Vivacity and Connexion Insurance Solutions Inc. The companies serve more than 1.8 million people.
“Attackers gained unauthorized access to our IT systems and may have accessed the personal information of our members, employees and other people we do business with,” the company said in a statement on its website.
Premera said it would send letters to about 11 million people whose information may have been accessed in the attack. It is also providing two years of free credit monitoring and identity theft protection to those people. The company said it has set up a website to provide information to those concerned about the attack.
“Along with steps taken to cleanse its IT system of issues raised by this cyberattack, Premera is taking additional actions to strengthen and enhance the security of its IT systems moving forward,” the company said in a news release.