UPDATE: Indianapolis-based health insurance company WellPoint, which runs Blue Cross plans in 14 states, recently revealed that it has notified a total of 470,000 individuals potentially affected by this breach, including the 230,000 customers of its Anthem Blue Cross subsidiary in California.
The personal information of hundreds of thousands of Blue Cross customers was recently exposed following a website glitch made by a third party.
How many victims? 230,000.
What type of personal information? Medical records and Social Security numbers.
What happened? The appropriate security measures were not put in place following an October 2009 upgrade of the company’s website made by a third-party vendor, said Anthem spokeswoman Cynthia Sanders. As a result, a site user was able to manipulate web addresses to access confidential information.
A class-action lawsuit was filed on behalf of individuals whose information was in jeopardy.
It’s unknown how many people worldwide may have accessed the site illegally. According to Anthem’s investigation, the vast majority of unauthorized access was from the plaintiff of the lawsuit and her attorneys, Sanders said.
The attorneys downloaded some information from the site, but have since returned it to the court system.
Meanwhile, this is not the first time WellPoint has experienced a breach. In 2008, it was discovered that the personal information of about 128,000 WellPoint customers from several states was publicly available on the internet. And in 2006, backup computer tapes containing the personal information of 200,000 members were stolen.
Quote: “We were told by a third-party vendor that all security measures were in place,” Sanders said. “As soon as we heard about the attorneys, we went in, discovered the problem and fixed it immediately.”
Details: Applicants under age 65 who were applying for individual policies were affected by the breach.
What was the response? The company is offering affected individuals a one year free subscription for identity protection services.
Source: Associated Press, “Anthem Blue Cross glitch exposed personal data,” June 23, 2010.
Update Source: Associated Press, “Security glitch exposes WellPoint data again,” June 29, 2010.