Hackers have been digging into the personal records of more than 10.5 million people who use health insurance company Excellus BlueCross Blueshield, according to a recent statement by the company.
The sophisticated attack was first spotted on August 5, 2015, and a subsequent investigation revealed that the data breach has been going on for almost two years, unnoticed until now. Excellus immediately notified the FBI upon discovery of the attack.
The personal information that was exposed by the attack includes customers first and last name, date of birth, Social Security number, home address and telephone number.
Hackers also had access to information pertaining to the victims accounts such as their member identification number, payment methods, and any claims that had been made.
Identity theft protection service LifeLock sent out emails to their users informing them of the Excellus breach earlier today.
Excellus does not believe the stolen customer data has been misused — yet.
However, LifeLock stated on their website that Excellus will be offering identity theft protection for affected customers for two years in an attempt to rectify the mistake. The phone number to find out more about this is 1-877-589-3331.
Excellus has hired cybersecurity firm Mandiant to perform a security audit on their systems. The firm is working with Excellus to investigate the breach in order to identify and fix the vulnerabilities used to break into their network. They also plan on preparing Excellus for cybersecurity threats in the future.
Christopher C. Booth, the President and CEO of Excellus, issued an apology regarding the incident stating “We sincerely regret the frustration and concern this incident may cause.”
We sincerely regret the frustration and concern this incident may cause. We want you to know that protecting your information is incredibly important to us, as is helping you through this situation with the information and support you need.