Personal information, possibly including Social Security numbers and medical and pharmaceutical records, was exposed through a data breach at WellPoint, a large health benefits company.
Only recently discovered, the data breach affected 128,000 customers. The personal information has been made publicly available online for the past 12 months. The information was stored on two servers through a third-party vendor.
“When we became aware of the problem with the first server, we quickly notified all members who we determined could have been impacted and offered free credit monitoring and customer service support,” Cheryl Leamon, WellPoint spokeswoman, told SCMagazineUS.com on Wednesday. “Recently, we discovered that additional members potentially could have had their protected health information accessible on the internet through this server, and that a second server maintained by a third-party vendor was not properly secured in 2007.”
Leamon added that both of these servers have now been secured and the company is now notifying all customers possibly affected by the data breach.
Unfortunately, data breaches like this are likely to become more commonplace, according to Ted Julian, vice president of marketing and strategy, Application Security, Inc.
“These aren't teenagers goofing around in their bedroom. The attackers have become professionals,” Julian told SCMagazineUS.com on Wednesday. “There's a lot of money to be made selling personal data on the black market.”
To protect themselves, Julian said companies must first identify their most valuable data and where and how it is stored. Once that's determined, the company can then explore potential vulnerabilities to the way the data is stored, what patches need to be deployed, and how to best secure the infrastructure.
“Constant monitoring needs to be part of the equation,” Julian added.