Premera Blue Cross revealed today that its networks suffered a massive security breach last year that gave attackers access to personal information from up to 11 million of its customers. The insurance company first found evidence of the attack on January 29, though evidence shows that the initial attack against Premera’s systems took place on May 5, 2014.
The attackers were able to gain access to a vast trove of data, and those people affected may have had a wide variety of personal information stolen, including “member name, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information.”
The attack primarily affected members of Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate brands Vivacity and Connexion Insurance Solutions, Inc. In addition, any Blue Cross Blue Shield members who sought treatment in Washington and Alaska were also affected. The data stolen dates all the way back to 2002.
Premera, which is the employee insurance provider for Microsoft, worked with Mandiant to secure its infrastructure against the attack, and said that it will continue to harden its IT infrastructure to protect against future attacks. The company is also working with the Federal Bureau of Investigation, which is looking into the attack.
The insurance company is beginning to mail out letters to affected individuals today, and will provide anyone affected with two years of free credit monitoring and identity theft protection through Experian.