CareFirst Victim Of Cyberattack, Around 1.1 Million Customers' Data Breached And Stolen

CareFirst BlueCross BlueShield is one of the largest health insurer in the United States and it became victim of a cyberattack on Wednesday, resulting to having personal information and other data breached affecting around 1.1 million of the insurer's customers.

The attackers gained access to the names, birth dates, insurance identification numbers and even birth dates of the customers of CareFirst. However, hackers were not able to get information regarding the costumers' Social Security numbers or credit card numbers as these were not in the system. Passwords and medical information of the 1.1 million customers were also not stolen.

But analysts and privacy experts are saying that the affected 1.1 million customers are still subjected to threats such as phishing.

CareFirst CEO Chet Burrell said in a statement that the company deeply regret the concern the attack may cause but they are doing everything to understand the extent of data breach and invest more in the security of their customers' data. CareFirst has over 3.2 million members nationwide.

The cyberattack reportedly occurred in June 2014 but was discovered only last month when security contractor Mandiant was hired to conduct an assessment in their system. This is the third attack this year on a U.S. health insurer company. The first two recent attacks were that of insurers on Anthem and Premera Blue Cross prompting CareFirst to undergo the assessment.

The Anthem hacking resulted to breaching the Social Security numbers of 79 million customers while the Premera hacking resulted to gaining access of the Social Security numbers and bank account information of their 11 million members.

FBI spokeswoman Amy Thoreson shared that the agency is already investigating the attack and will be determining the scope of the data breach. Information stolen by hackers is said to be possibly sold to the dark web, which cannot be found by search engines. This kind of market is reportedly selling stolen information at a very high price.


Real Time Analytics