Following reports that Excellus BlueCross BlueShield unveiled a significant data breach in its systems that could affect more than 10 million of its subscribers, Keller Rohrback L.L.P. is starting an investigation.
It is presumed that clients of other BlueCross BlueShield plans who used Excellus' services might be under risk. Potential victims of the hacking are customers of the following affiliates: Lifetime Benefit Solutions, Lifetime Health Medical Group, Lifetime Care, The MedAmerica Companies and Univera Healthcare. Most of the customers are based in upstate Ntew York.
Excellus BlueCross BlueShield, which has its headquarters in Rochester, and Lifetime Healthcare Companies promised to offer two years of personal data security to those affected as a compensation. The protection services for cyberattack victims is free of charge.
It appears that the first malicious action took place on Dec. 23, 2013, but the companies only discovered the unauthorized operation on Aug. 5, nearly two years after the first breach. No information is available on any inappropriate use of the confidential files. The data available on each person depends heavily on the relationship between the client and the company, but these files can include everything from customers' names, birth dates, Social Security numbers, phone numbers, member identification numbers, mailing addresses, financial account information, and claims information.
An FBI investigation is taking place in an attempt to determine the extent of the security leak, and all customers are encouraged to keep an eye on their personal information and notify the authorities if they suspect identity theft. On Wednesday, insider sources confessed there were no leads to the perpetrators.
Excellus and Lifetime will use traditional post to notify each of the affected clients. If you are contacted via email or telephone by someone posing as Lifetime or Excellus, it's a scam and should refrain from offering any information.
"Protecting personal information is one of our top priorities and we take this issue seriously," Christopher C. Booth, chief executive at Excellus, says. "We are providing free credit monitoring and identity theft protection to you for peace of mind."
He also vows to take action to secure the company's network and prevent this kind of unfortunate event from happening again. The company also created www.excellusfacts.com to provide customers answers to questions about the cyberattack.