John Commins updates us on the Tennessee BlueCross BlueShield breach:
BlueCross BlueShield of Tennessee is readying a Nov. 30 mass mailing to some of its 3.1 million customers in the Volunteer State who may have had their Social Security numbers and other private data compromised after an Oct. 2 hard drive theft at a remote training facility in Chattanooga.
“It’s going to be a progression of mailings, with those who would be most at risk receiving the first mailings, depending upon how many people had a Social Security number compromised,” says BCBST spokeswoman Mary Thompson.
[…]
Meanwhile, local, state, and federal law enforcement officials have been called in to investigate the Oct. 2 theft of three 3.5″ X 10″ hard drives, which were physically removed from server racks on computers inside a data storage closet at a training center located in a strip mall.
“We were using the information on those drives for training purposes. We were auditing our [customer service representatives] to ensure that they were delivering the correct information and servicing providers correctly and using it for training of new CSRs,” Thompson says.
[…]
In the past several weeks, Thompson says BCBST has had as many as 800 people—including employees from a private security company—working at any given time on the arduous task of analyzing more than 300,000 screen shots and about 50,000 hours of audio data to identify potential breaches.
Read more on Health Leaders Media.
Is anyone else confused by the reference to three hard drives? Earlier reports talked about 57 hard drives and then 68.