An unknown number of Blue Shield of California members may have had their personal data, including Social Security numbers, birth dates and medical information, stolen during a cybersecurity breach this spring.
The healthcare insurance provider said the attack targeted the files of one of its contracted vendors, which administers vision benefits for many Blue Shield customers.
“The vendor immediately took the server offline, launched an investigation into the incident, engaged a cybersecurity firm and reported the matter to the FBI,” Blue Shield said in announcing the breach last month. “It has been determined that an unauthorized third party exfiltrated information from the server on May 28, 2023, and May 31, 2023.”
Oakland-based Blue Shield said it was notified of the breach on Sept.
Blue Shield added that there was “no evidence” that its own systems and emails were affected or vulnerable to the attack.
“It is important for us to take the time to accurately identify potentially affected individuals and their affected data,” a Blue Shield spokesperson said in an email Friday. “Once the process was completed, we sent breach notification letters in mid-November to all potentially affected members.”
The spokeswoman did not respond to a question about how many of Blue Shield’s 4.5 million health plan members may have been affected.
The company said it is providing affected members with free credit monitoring with identity restoration services, and has set up a dedicated call center to answer questions. It advises members to review their credit reports and account statements and notify law enforcement of suspicious activity.