Skip to main content

Up to 1.1 million customers affected by CareFirst data breach

For the third time this year, a major U.S. health insurer has suffered a security breach, comprising the information of over 1 million customers. CareFirst of the Blue Cross Blue Shield insurance family announced Wednesday that up to 1.1 million individuals, but current and former plan holders, may have been affected by the security breakthrough. Luckily, because only one database was accessed, it appears that the data hackers made away with was limited to names, email addresses, and birthdates. No social security numbers, medical records, or credit card numbers appear to have been leaked.

All affected accounts have since been blocked, and customers have been asked to create new usernames and passwords. Calling it a “sophisticated” attack, CareFirst President and CEO Chet Burrell said in a statement, “We deeply regret the concern this attack may cause. We are making sure those affected understand the extent of the attack – and what information was and was not affected.”

As per a company statement, “Members who created accounts on prior to June 20, 2014 are affected by this incident. CareFirst is mailing letters to all affected members and those affected should receive a notification letter in the next 1 to 3 weeks. Members who enrolled to use CareFirst online services on or after June 20, 2014 are not affected because their enrollment occurred after the date of the unauthorized access.” To assuage some fears, CareFirst will provide two free years of credit monitoring and identity theft protection to compromised plan holders.

Earlier this year, Anthem and Premera also reported hacks, and the three security breaches seem to share some commonalities. The Federal Bureau of Investigation (FBI) seems to address the issues as state-sponsored hackings, with China at the top of the suspect list. Dr. Larry Ponemon, the chairman of Ponemon Institute, told the New York Times, “A lot of health care organizations have been historically laggards for security.” And given the wealth of information stored by these companies, they are prime targets for malicious hackers.

For more information on how to proceed, visit

Editors' Recommendations

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Facebook faces another huge data leak affecting 267 million users
mark zuckerberg speaking in front of giant digital lock

More than 267 million Facebook users’ IDs, phone numbers, and names were exposed to an online database that could potentially be used for spam and phishing campaigns. 

Security researcher Bob Diachenko uncovered the database, according to Comparitech. The database was first indexed on December 4, but as of today, December 19, it is unavailable. Comparitech reports that before the site was taken down, the database was found on a hacker forum as a downloadable file. 

Read more
OnePlus customer data stolen in second data breach in two years
oneplus 7t macro lens iphone 11 lacks cameras

Phone company OnePlus has suffered another data breach, with an undisclosed number of customer names, contact numbers, email addresses, and shipping addresses stolen by an unnamed hacker or group.

This comes less than two years after up to 40,000 customers' private information was stolen from OnePlus, leading to credit card fraud using customers' details. In this case, the breach only came to light when the issue of credit card fraud was raised by a user on the OnePlus forums. An investigation subsequently discovered a malicious script had been gobbling up customer credit card details when they were entered into the OnePlus website.

Read more
Massive Words with Friends hack exposes 218 million account login details

A hacker has claimed responsibility for a massive breach of the popular mobile game Words With Friends, saying more than 218 million account logins and associated data have been stolen. The hacker, known as Gnosticplayers, told The Hacker News the data comes from Android and iOS versions of the game, and includes everything from names and email addresses, to hashed passwords, phone numbers, and Facebook identification.

Words With Friends developer Zynga released a statement on September 12 regarding a cyberattack, but did not go into the extent of the hack or the numbers involved. It set about reassuring players that it did not believe any financial information had been accessed, but that account login information had. Zynga said it had, “taken steps to protect these users accounts from invalid logins,” and that following further investigation players would be notified of any concerns.

Read more