
CareFirst data breach affects about 1.1M people

CareFirst BlueCross BlueShield has fallen victim to a major data breach; personal information belonging to more than one million individuals could have been exposed.

Health insurer CareFirst BlueCross BlueShield is notifying more than one million individuals that it was the victim of a data breach which may have exposed personal information used by attackers to gain limited, unauthorized access to one of the company's databases. The investigators speculate that attackers have accessed personal information, including names, birth dates, email addresses, subscriber identification numbers and usernames used to access the CareFirst website.

“On May 20, 2015, CareFirst BlueCross BlueShield (CareFirst) announced that the company has been the target of a sophisticated cyberattack. The attackers gained limited, unauthorized access to a single CareFirst database.” states the advisory posted to the website.

“Approximately 1.1 million current and former CareFirst members and individuals who do business with CareFirst online who registered to use CareFirst’s websites prior to June 20, 2014 are affected by this event.”

CareFirst had hired security firm Mandiant to perform an assessment of internal IT systems, which revealed the data breach. On April 21, security experts at Mandiant discovered evidence of unauthorized access to the database on June 19, 2014. The experts haven’t found evidence of additional attacks against the CareFirst systems.

The advisory highlighted that hackers accessed only usernames, explaining that the related passwords were stored in encrypted format on a separate system not breached by the hackers. The message from CareFirst President and CEO Chet Burrell confirmed that no member Social Security Numbers, medical claims information or financial information were exposed.

All the individuals potentially exposed by the data breach are being notified; the company urges them to change their credentials and has offered two years of free credit monitoring and identity theft protection services.

“All affected members will receive a letter from CareFirst offering two free years of credit monitoring and identity theft protection. The letters will contain an activation code and you must have the letter to enroll in the offered protections. Out of an abundance of caution, CareFirst has blocked member access to these accounts and will request that members create new user names and passwords.”

Be aware of scammers who could try to exploit the incident; CareFirst remarked that it will not be contacting people by email, phone or social media.

Unfortunately, health insurers are a privileged target of criminal organizations. In February, the nation’s second largest health insurer, Anthem, announced that hackers had violated its servers and stolen personal information for about 80 million people.

Pierluigi Paganini

(Security Affairs – CareFirst, data breach)