Medical and financial data of around 11 million Premera Blue Cross customers has potentially been exposed due to a breach that apparently occurred on the same date as of the Anthem breach.
The firm announced about the breach on Tuesday and revealed that it identified the violation on January 29, 2015, and collaborated with the FBI and Mandiant to inspect the attack. The investigation revealed that first attempt of security breach occurred on May 5, 2014, impacting the Premera Blue Cross and Premera Blue Cross Blue Shield of Alaska as well as their affiliated brands Connexion Insurance Solutions and Vivacity. Moreover, customers of Blue Cross Blue Shield in Alaska and Washington may also have been affected by the attack.
Resultantly, extensive applicant and customer data of these firms got exposed ranging from birth dates going back at least 13years, medical records, social security numbers and bank account information.
Premera states that it doesn’t have proof that the data has been removed from the system or has been “used inappropriately,” but the company has started mailing letters to its affected customers from today and offering free two-years credit monitoring and identity theft protection.
This attack makes Premera the second such company to face a major breach in 2015. On exactly the same date, Anthem also identified a breach that potentially exposed data of its 80million customers. The Anthem attack started in April 2014 and exposed social security numbers of its customers. The firm announced the breach on Februaru13th, 2015.
The difference between both the breaches is that in Anthem’s case, medical data and banking information was not exposed, reports Forbes.
However, both companies share similar views about the attack on their systems referring to it as “very sophisticated.” Rumor has it that the attack might be state-sponsored and attackers may have links with China.
Following the Anthem breach announcement, a series of phishing attacks was launched. Considering this aspect, Premera stresses that the company won’t email or call customers to inform about the breach in order to avoid phishing attacks. The firm also urged its customers to avoid opening any links, URLs or attachments or respond to emails having details about the breach.
Premera is a Mountainlake Terrace, Washington, based health insurance firm and happens to be the largest health insurance provider in Pacific Northwest with over 1.8million members in Alaska and Washington and around $7.6billion revenue in 2013.