CareFirst data breach affects about 1.1M people

CareFirst BlueCross BlueShield fall victim of a major data breach, personal information belonging more than one million individuals could have been exposed.

Health insurer CareFirst BlueCross BlueShield is notifying more than one million individuals that it was the victim of a data breach which may have exposed personal information used by attackers to gain limited, unauthorized access to one of the company database. The investigators speculate attackers have accessed personal information, including names, birth dates, email addresses and subscriber identification numbers, usernames to access the CareFirst website.

“On May 20, 2015, CareFirst BlueCross BlueShield (CareFirst) announced that the company has been the target of a sophisticated cyberattack. The attackers gained limited, unauthorized access to a single CareFirst database.” states the advisory posted to the website.

“Approximately 1.1 million current and former CareFirst members and individuals who do business with CareFirst online who registered to use CareFirst’s websites prior to June 20, 2014 are affected by this event.”

CareFirst had hired security firm Mandiant to perform an assessment of internal IT systems that revealed the data breach. On April 21, security experts at Mandiant discovered evidence of unauthorized accesses to the database on June 19, 2014. The experts haven’t found evidence of additional attacks against the CareFirst systems.

The advisory highlighted that hackers accessed only usernames explaining that related passwords were stored in encrypted format on a separate system not breached by hackers. The message from CareFirst President and CEO, Chet Burrell confirmed that no member Social Security Numbers, medical claims information or financial information were exposed.

All the individuals potentially exposed by the data breach are being notified, the company urges them to change their credentials and offered two years of free credit monitoring and identity theft protection services.

“All affected members will receive a letter from CareFirst offering two free years of credit monitoring and identity theft protection. The letters will contain an activation code and you must have the letter to enroll in the offered protections. Out of an abundance of caution, CareFirst has blocked member access to these accounts and will request that members create new user names and passwords.”

Be aware of scammers that could try to exploit the incident, CareFirst remarked that it will not be contacting people by email, phone or social media.

Unfortunately, Health insurers are a privileged target of criminal organizations, in February the nation’s second largest health insurer Anthem announced that hackers violated its servers and stolen personal information for about 80 million people.

Pierluigi Paganini

(Security Affairs – CareFirst, data breach)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Russia-linked Turla APT allegedly used two new backdoors, named Lunar malware and LunarMail, to target…

7 hours ago

City of Wichita disclosed a data breach after the recent ransomware attack

The City of Wichita disclosed a data breach after the ransomware attack that hit the…

16 hours ago

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

CISA adds two D-Link DIR-600 and DIR-605 router vulnerabilities to its Known Exploited Vulnerabilities catalog. The…

18 hours ago

CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog

CISA adds two Chrome zero-day vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity…

20 hours ago

North Korea-linked Kimsuky APT attack targets victims via Messenger

North Korea-linked Kimsuky APT group employs rogue Facebook accounts to target victims via Messenger and deliver malware.…

22 hours ago

Electronic prescription provider MediSecure impacted by a ransomware attack

Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party…

1 day ago

This website uses cookies.