CareFirst BlueCross BlueShield, a non-profit healthcare company, said Wednesday that the data of about 1.1 million current and former customers had been comprised in a cyberattack.
"Evidence suggests that attackers could have potentially acquired member user names created by individuals to use CareFirst's website, names, birth dates, email addresses and subscriber identification numbers," the company said, in a statement on its website. The company also said it blocked member access to those accounts, and would offer two years of free credit monitoring and identity theft protection to those affected.
"We deeply regret the concern this attack may cause", said CareFirst President and CEO Chet Burrell. "We are making sure those affected understand the extent of the attack – and what information was and was not affected. Even though the information in question would be of limited use to an attacker, we want to protect our members from any potential use of their information and will be offering free credit monitoring and identity theft protection for those affected for two years."
The announcement comes amid a spate of similar attacks targeting the personal information of customers stored on company websites. Earlier this year, the Anthem health insurance company said a database with as many as 80 million customer records was breached. JP Morgan Chase and Staples also saw customer data breached in similar attacks.
The cyberattack came to light when CareFirst hired Mandiant, a unit of the cybersecurity firm FireEye, in the wake of the attack on Anthem.
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Got a confidential tip? Submit it here.