Health insurer Premera Blue Cross was the target of a major cyberattack, and personal or health data for as many as 11 million people may have been compromised, the company announced Tuesday.
Premera said Tuesday hackers gained "unauthorized access" to its systems in a "sophisticated attack" that began May 4, 2014. Just last month, health insurer Anthem disclosed a major breach that may have affected as many as 80 million records.
The Premera attackers may have accessed several types of data for 11 million individuals, including: name, date of birth, Social Security number, mailing address, email address, telephone number, member identification number, bank account information, and claims information, including clinical information.
The customer information that may have been compromised dates back to 2002, Premera said.
The attack affected customers of Premera Blue Cross -- which provides health plans in the Pacific Northwest and is part of the Blue Cross Blue Shield Association -- as well as Premera BCBS of Alaska and affiliate brands Vivacity and Connexion.
The people affected may also include "Individuals who do business with Premera" and gave the company their email addresses, bank account numbers or Social Security numbers.
The Federal Bureau of Investigation has been investigating the attack, Premera said, and the company also worked with cybsecurity firm Mandiant to assess the situation.
Premera will mail letters to the 11 million people affected starting on Tuesday –- those affected should receive a letter by April 20 -- and those people will be eligible for two years of free credit monitoring and identity theft protection services. Premera is posting information and updates about the attack at premeraupdate.com.