ALBANY, N.Y. -- A health insurer in western New York and affiliates said Wednesday that their computers were targeted last month in a cyberattack that may have provided unauthorized access to more than 10 million personal records.
Excellus BlueCross BlueShield, headquartered in Rochester, and Lifetime Healthcare Companies said they're offering affected individuals in upstate New York two years of free identity theft protection.
The companies said unauthorized computer access was discovered Aug. 5, and further investigation revealed that the initial attack occurred on Dec. 23, 2013. They haven't determined so far that any information was used inappropriately or removed. Information could include customers' names, birth dates, Social Security numbers, mailing addresses, phone numbers, member identification numbers, financial account information and claims information.
Other affiliates are Lifetime Benefit Solutions, Lifetime Care, Lifetime Health Medical Group, The MedAmerica Companies and Univera Healthcare.
The FBI said it's investigating, working with the companies to determine the scope of the security breach, and customers should take steps to monitor their personal information and report suspected instances of identity theft to its Internet Crime Complaint Center online. A spokeswoman declined to say Wednesday whether they've identified the source of the hack.
Excellus and Lifetime said they were mailing letters to affected individuals Wednesday.
"Protecting personal information is one of our top priorities and we take this issue seriously," said Chief Executive Christopher Booth. "We are providing free credit monitoring and identity theft protection to you for peace of mind. We also pledge to take additional steps to strengthen and enhance security to help avoid having something like this happen again."
The company established a website at www.excellusfacts.com for signups for those services and for answering related questions.