CareFirst BlueCross BlueShield, a non-profit healthcare company, said Wednesday that the data of about 1.1 million current and former customers had been comprised in a cyberattack.
"Evidence suggests that attackers could have potentially acquired member user names created by individuals to use CareFirst's website, names, birth dates, email addresses and subscriber identification numbers," the company said, in a statement on its website. The company also said it blocked member access to those accounts, and would offer two years of free credit monitoring and identity theft protection to those affected.
"We deeply regret the concern this attack may cause", said CareFirst President and CEO Chet Burrell. "We are making sure those affected understand the extent of the attack – and what information was and was not affected. Even though the information in question would be of limited use to an attacker, we want to protect our members from any potential use of their information and will be offering free credit monitoring and identity theft protection for those affected for two years."
The announcement comes amid a spate of similar attacks targeting the personal information of customers stored on company websites. Earlier this year, the Anthem health insurance company said a database with as many as 80 million customer records was breached. JP Morgan Chase and Staples also saw customer data breached in similar attacks.
The cyberattack came to light when CareFirst hired Mandiant, a unit of the cybersecurity firm FireEye, in the wake of the attack on Anthem.