Premera Blue Cross breached, info on 11 million customers at risk

Premera learned about the incident on Jan. 29 and an investigation, aided by the FBI, revealed that the initial attack took place on May 5.
Premera learned about the incident on Jan. 29 and an investigation, aided by the FBI, revealed that the initial attack took place on May 5.

The personal information of more than 10 million Premera Blue Cross members and applicants may have been compromised, the health insurance company announced on Tuesday, explaining that it was the victim of an attack and that unauthorized access was gained to its IT systems.

A Premera spokesperson confirmed to SCMagazine.com on Tuesday that roughly 11 million individuals may have been affected.

While the information that may have been accessed varies because Premera holds different types of data on individuals, altogether names, addresses, email addresses, telephone numbers, dates of birth, Social Security numbers, member identification numbers, medical claims information, and bank account information may have been compromised.

“Our investigation has not determined that any information was removed from our systems and there is no evidence to date that any such information has been used inappropriately,” according to a FAQ, which adds that credit cards are not stored and were not affected in the attack.

Premera learned about the incident on Jan. 29 and an investigation, aided by the FBI, revealed that the initial attack took place on the previous May 5. Premera is working with Mandiant, which is also aiding in the investigation, and is helping to remove the infection and strengthen Premera's IT systems.

“This incident affected Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and our affiliate brands Vivacity and Connexion Insurance Solutions, Inc.,” according to a statement, which goes on to add, “This incident also affected members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska.”

The health insurer began mailing letters to affected individuals on Tuesday, and is offering two free years of credit monitoring and identity theft protection services, including identity theft insurance.

“We are exposing extremely valuable and highly personal data to cyber criminals because we are not encrypting the data itself – only securing the networks they reside and travel on,” Trent Telford, CEO of data security firm Covata, wrote in a statement emailed to SCMagazine.com on Tuesday.

Premera was mentioned last month by ThreatConnect when the security firm published a blog suggesting that the Anthem breach – an incident that exposed the personal information of 78.8 million consumers – may be connected to the activities of a Chinese espionage group dubbed “Axiom.”

During its research, ThreatConnect identified a suspicious domain, prennera[dot]com, which was set up in December 2013 and appeared to be an attempt for attackers to impersonate Premera – possibly as a means of distributing convincing phishing emails to targets. The domain Prennera[dot]com resolved to a static IP address linked to Chinese APT malware.

Stay tuned to SCMagazine.com for continued coverage of the Premera breach.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS