Sadly, it wouldn’t be a complete week in the cyber world without news of another cyber attack or security breach. This time the victim was 10 million people insured by Excellus BlueCross BlueShield.
The major insurance carrier said this week they were made aware of a cyber attack that apparently occurred in December of 2013. What’s most unsettling though is the fact that the company did not know about the attack until last month – almost two years later.
It was reported the attackers stole information such as names, addresses, SSN’s, financial and medical account information, as well as member ID numbers.
While the information was encrypted, the hackers somehow gained administrative access to the IT systems allowing them to access the information.
The company claims that the information that was taken has not yet been used maliciously, at least to their knowledge.
So, what is Excellus doing to notify its customers of the breach? Sending a letter by standard mail, of course. I mean, who can trust e-mail after this little debacle, right?
In all seriousness, this is another set of unsettling news. Our personal information resides with so many different entities with much different levels of security for their (our) data. We have our information with credit bureaus and credit card companies, our insurance providers, banks, social media outlets, monthly services, and much more.
It is becoming almost impossible to predict when and where a cyber attack will occur, and it’s becoming increasingly more difficult to ensure our personal data is safe.
We need to continue to be diligent from both sides of the spectrum, as companies and as consumers, as we strive for better overall security and privacy for our personal information.