10 Million Compromised in Another Major Health Insurer Breach

Health insurer Excellus BlueCross BlueShield announced Wednesday it was the target of a cyberattack that may have compromised personally identifying information of its members — multiple news reports say more than 10 million members may have been affected. The New York-based insurer said the breach dates back to December 2013 (it was discovered Aug. 5 of this year) and concerns members who received treatment in 31 upstate New York counties.

BlueCross BlueShield affiliates Anthem, Premera and CareFirst have also experienced data breaches in the past several months, with the Anthem breach exposing about 80 million Social Security numbers. Similar data may have been accessed by hackers in the Excellus breach. The company said information includes names, addresses, telephone numbers, dates of birth, Social Security numbers, member identification numbers, financial account information and/or medical claims information. In the Frequently Asked Questions section on its breach-information site, excellusfacts.com, the company says, “Our investigation has not determined that any information was removed from our systems and there is no evidence to date that any such information has been used inappropriately.”

Even so, members will have free access to two years of identity theft protection services through cybersecurity firm Kroll and credit monitoring from TransUnion. People who have been affected by the breach should receive a letter from Excellus, but you don’t need to wait for a letter to sign up for the free services.

It’s a good idea to take advantage of free credit monitoring and identity theft protection services, but you need to do some of the monitoring yourself, so you can quickly spot and stop unauthorized use of your identity or financial accounts. Whether or not you’re a victim of this specific breach, you need to make a habit of watching out for signs your identity has been stolen — it’s a common crime, and the more prepared you are to deal with it, the less likely you are to suffer lasting financial damage from it. Unexpected changes in your credit score could signal new-account fraud, which can occur if your Social Security number has been compromised as in the Excellus breach. You can monitor your credit scores for changes for free every month on Credit.com.