Hackers penetrated the IT systems of US insurer Excellus Blue Cross BlueShield and gained access to the personal, financial and medical information of more than 10 million people in December 2013. Astonishingly, Excellus learnt about this data breach only in August this year (yes, after almost 22 months) and immediately asked the FBI and cyber security firm Mandiant to investigate the breach.
According to a preliminary enquiry by the FBI, the hackers may have had access to customer records, which include names, addresses, telephone numbers, dates of birth, Social Security numbers, financial account details and medical claim information.
The FBI's initial probe into the data breach also reported that the breach affected not only Excellus members but also members of other Blue Cross Blue Shield plans who sought medical treatment in the upstate New York area serviced by the company.
On the other hand, cyber security firm Mandiant’s enquiry reported that the hacked data was encrypted, but the attackers gained administrative privileges on the IT systems, allowing them to potentially access the information.
Excellus has decided to inform all 10 million members whose data was leaked by mailed letters this month, and is said to be offering all of them free credit monitoring and identity protection services for two years through a partner company.
The company has also clarified that it will not contact the affected members via email or telephone. So any emails or phone calls claiming to be from the company in regard to this attack should be ignored, as they are probably scams.
This incident comes after three other Blue Cross Blue Shield health insurers, Anthem, Premera and CareFirst, announced large database breaches this year as a result of a cyber attack made by a Chinese firm dubbed Black Vine.
More details are awaited!