Medical and financial data of around 11 million Premera Blue Cross customers has potentially been exposed due to a breach that apparently occurred on the same date as the Anthem breach.
The firm announced the breach on Tuesday and revealed that it identified the violation on January 29, 2015, and collaborated with the FBI and Mandiant to inspect the attack. The investigation revealed that the first attempt at security breach occurred on May 5, 2014, impacting the Premera Blue Cross and Premera Blue Cross Blue Shield of Alaska as well as their affiliated brands Connexion Insurance Solutions and Vivacity. Moreover, customers of Blue Cross Blue Shield in Alaska and Washington may also have been affected by the attack.
As a result, extensive applicant and customer data of these firms were exposed ranging from birth dates going back at least 13 years, medical records, social security numbers and bank account information.
Premera states that it doesn’t have proof that the data has been removed from the system or has been “used inappropriately,” but the company has started mailing letters to its affected customers from today and offering free two-year credit monitoring and identity theft protection.
This attack made Premera the second such company to face a major breach in 2015. On the same date, Anthem also identified a breach that potentially exposed the data of its 80 million customers. The Anthem attack started in April 2014 and exposed the social security numbers of its customers. The firm announced the breach on February 13th, 2015.
The difference between both the breaches is that in Anthem’s case, medical data and banking information were not exposed, reports Forbes.
However, both companies share similar views about the attack on their systems referring to it as “very sophisticated.” Rumor has it that the attack might be state-sponsored and attackers may have links with China.
Following the Anthem breach announcement, a series of phishing attacks was launched. Considering this aspect, Premera stresses that the company won’t email or call customers to inform them about the breach to avoid phishing attacks. The firm also urged its customers to avoid opening any links, URLs or attachments or responding to emails having details about the breach.
Premera is a Mountainlake Terrace, Washington, based health insurance firm and happens to be the largest health insurance provider in the Pacific Northwest with over 1.8 million members in Alaska and Washington and around $ 7.6 billion in revenue in 2013.