DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Personal data accessed on Blue Cross website

Posted on June 23, 2010 by Dissent

Courtney Perkes reports:

More than 200,000 Anthem Blue Cross customers this week received letters informing them that their personal information might have been accessed during a security breach of the company’s Web site.

Only customers who had pending insurance applications in the system are being contacted because information was viewed through an on-line tool that allows users to track the status of their application.

Cathy Luckett of San Juan Capistrano was dismayed to learn that Social Security and credit card numbers were potentially viewed.

[…]

Anthem spokeswoman Cynthia Sanders said the confidential information was briefly accessed, primarily by attorneys seeking information for a class action lawsuit against the insurer. She said it’s unclear how many customers’ information was viewed, but that letters were sent to 230,000 Californians out of an “abundance of caution.

Read more in the Orange County Register. The company reports that an upgrade was not really secure, despite them having been assured it was.

I could not find any notice on Anthem’s web site at the time of this posting. Nor is the incident reported on HHS/OCR’s web site yet.

Related posts:

  • Transparency #FAIL: Why won’t Anthem/Elevance Health answer a simple question about breaches?
Category: Health Data

Post navigation

← TX: Dozens of credit card numbers stolen from Driskill guests
Personal data accessed on Blue Cross website →

3 thoughts on “Personal data accessed on Blue Cross website”

  1. Anonymous says:
    June 24, 2010 at 4:47 pm

    “Only customers who had pending insurance applications in the system are being contacted because information was viewed through an on-line tool that allows users to track the status of their application.”

    This is patently false. We received this letter today and we do not have “pending applications”. What’s really amusing is that Anthem doesn’t allow online bill pay (we were required to send faxes for other materials as well), but somehow our SSNs were available online.

    I guess the fact that we pay them over USD$1000 per month isn’t enough to merit decent security.

    1. Anonymous says:
      June 24, 2010 at 5:20 pm

      Thanks for pointing out that their statement may have been less than accurate.

      If you can/want to, scan in a copy of the letter and e-mail it to me (admin[at]phiprivacy.net) and I’ll upload it so others can see it, too.

  2. Anonymous says:
    June 30, 2010 at 2:22 pm

    The BCBS in my state was nearly purchased by Anthem, but the state insurance commissioner at the time refused to approve the sale. Never have I been so glad…

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • McDonald’s McHire leak involving ‘123456’ admin password exposes 64 million applicant chat records
  • Qilin claims attack on Accu Reference Medical Laboratory. It wasn’t the lab’s first data breach.
  • Louis Vuitton hit by data breach in Türkiye, over 140,000 users exposed; UK customers also affected (1)
  • Infosys McCamish Systems Enters Consent Order with Vermont DFR Over Cyber Incident
  • Obligations under Canada’s data breach notification law
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.