clock menu more-arrow no yes

CareFirst Says Cyber Attack Stole Data of 1.1 Million Users

The breach took place in June 2014 but was only recently discovered.

Bill Pugliano / Getty

CareFirst BlueCross BlueShield, which sells health insurance in Maryland, Virginia and the District of Columbia, said on Wednesday that a cyber attack compromised the data of 1.1 million current and former members.

CareFirst, which has a total of 3.4 million customers, said that the breach took place in June 2014 but was only recently discovered as part of security efforts put in place after other insurers were hacked.

Anthem, the second-largest U.S. insurer, said early this year that the records of 80 million people were accessed by hackers. In May, Premera Blue Cross said that 11 million customers’ information may have been exposed in a hack.

CareFirst said that the attackers accessed one database and could have potentially acquired member user names created by individuals to use CareFirst’s website, names, birth dates, email addresses and member identification numbers.

CareFirst has blocked member access to these accounts and has requested members create new user names and passwords.

The company said the database is also used by non-members that access CareFirst’s websites and online services.

Mandiant, the technology company that conducted the review, found no indication of any other prior or subsequent attack or that other personal information was taken, CareFirst said.

The database did not include Social Security numbers, medical claims, employment, credit card or financial information.

(Reporting by Caroline Humer in New York and Anjali Rao Koppala in Bengaluru; Editing by Joyjeet Das and Lisa Shumaker)

This article originally appeared on Recode.net.

Sign up for the newsletter Sign up for The Weeds

Get our essential policy newsletter delivered Fridays.