Over 10M Consumers’ Personal Info Stolen In Latest Health Insurer Data Breach

For at least the fourth time this year, millions of consumers are being faced with some bad news: health insurer Excellus Blue Cross Blue Shield has announced the discovery of a major data breach in their systems. Over 10 million subscribers to Excellus and their partner services now have their most personal information — including medical claims records and social security numbers — stolen.

Excellus has its headquarters in Rochester, NY and serves consumers in central and upstate New York. Excellus estimates that any of the 10 – 10.5 million individuals who have received health care in their service area are at risk. A statement from the company’s president and CEO Christopher Booth confirms that “attackers may have gained unauthorized access to individuals’ information, which could include name, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account information and claims information.”

In other words: this breach is bad. You name it, and the hackers probably got it.

The intrusion into the Excellus systems began nearly two years ago, with hackers apparently first getting in on December 23, 2013. Excellus discovered the hack about a month ago, on August 5.

Excellus says the information was encrypted, but that does absolutely no good in this case as the hackers had administrative access to the company’s network. That means they would be perfectly able to decrypt it the same way an actual internal systems administrator could.

The company is now performing the standard mea culpa trifecta: working with the FBI to investigate who did it; engaging an IT forensics and cybersecurity company to figure out what the heck actually happened; and signing all their customers up for two years of identity theft protection services.

Unfortunately, Excellus customers are now just the latest members of a popular club. 2015 seems to be the year that insurers discover data breaches, with 80 million Anthem customers, 11 million Premera Blue Cross customers, and over 1 million CareFirst Blue Cross customers already having their data purloined this year. Add Excellus to the mix, and that’s potentially over 100 million Americans affected in about nine months.

Excellus customers can visit the company’s dedicated breach-explainer site or call 1-877-589-3331 for more information.

[via Wired]
