Personal data accessed on Blue Cross website
Courtney Perkes reports:
More than 200,000 Anthem Blue Cross customers this week received letters informing them that their personal information might have been accessed during a security breach of the company’s Web site.
Only customers who had pending insurance applications in the system are being contacted because information was viewed through an on-line tool that allows users to track the status of their application.
Cathy Luckett of San Juan Capistrano was dismayed to learn that Social Security and credit card numbers were potentially viewed.[…]
Anthem spokeswoman Cynthia Sanders said the confidential information was briefly accessed, primarily by attorneys seeking information for a class action lawsuit against the insurer. She said it’s unclear how many customers’ information was viewed, but that letters were sent to 230,000 Californians out of an “abundance of caution.
Read more in the Orange County Register. The company reports that an upgrade was not really secure, despite them having been assured it was.
I could not find any notice on Anthem’s web site at the time of this posting. Nor is the incident reported on HHS/OCR’s web site yet.
Anonymous - June 24, 2010
“Only customers who had pending insurance applications in the system are being contacted because information was viewed through an on-line tool that allows users to track the status of their application.”
This is patently false. We received this letter today and we do not have “pending applications”. What’s really amusing is that Anthem doesn’t allow online bill pay (we were required to send faxes for other materials as well), but somehow our SSNs were available online.
I guess the fact that we pay them over USD$1000 per month isn’t enough to merit decent security.