IE 11 is not supported. For an optimal experience visit our site on another browser.

CareFirst Says Hack May Have Exposed Data on 1.1 Million Customers

CareFirst BlueCross BlueShield sells health insurance in Maryland, Virginia and the District of Columbia.

CareFirst BlueCross BlueShield, which sells health insurance in Maryland, Virginia and the District of Columbia, said on Wednesday that a hack may have exposed the data of 1.1 million current and former members. CareFirst, which has a total of 3.4 million customers, said that the breach took place in June 2014 but was only recently discovered as part of security efforts put in place after other insurers were hacked. Anthem Inc., the second-largest U.S. insurer, said early this year that the records of 80 million people were accessed by hackers. In May, Premera Blue Cross said that 11 million customers' information may have been exposed in a hack.

CareFirst said that the attackers accessed one database and could have potentially acquired member user names created by individuals. CareFirst has blocked member access to these accounts and has requested members to create new user names and passwords.The company said the database is also used by non-members that access CareFirst's websites and online services. "Limited personal information was involved in this attack — for instance, no member Social Security Numbers, medical claims information or financial information was put at risk," the company said.

Mandiant, the cybersecurity firm that conducted the review, found no indication of any other prior or subsequent attack, CareFirst said.



—Reuters and NBC News staff