BreachExchange mailing list archives

Blue Cross Blue Shield of TN data breach

From: Henry Brown <hbrown () knology net>
Date: Mon, 11 Jan 2010 05:21:13 -0600

 From Knoxville News:

http://tinyurl.com/ycvm8bh

January 10, 2010 at 9:41 p.m.

CHATTANOOGA - Customers of Chattanooga-based insurer BlueCross 
BlueShield of Tennessee slowly are being notified by mail of a potential 
breach of their personal information.

This week, BCBS will provide updated data to the public on exactly how 
many customers were exposed when 57 hard drives were pilfered in October 
from a storage closet at the insurer's Eastgate Town Center branch, said 
company spokeswoman Mary Thompson.

"We've reached a critical mass with our analysis of the information, and 
this week we think we can update the public," Thompson said. "We're 
going to be doing a really full breakdown of how many were potentially 
exposed."

Letters are being mailed in batches as the data is being combed over and 
the breaches are discovered, Thompson said.

So far, there is no evidence the data has been successfully accessed or 
used to harm any customer's credit, Thompson said. But the insurer, in 
the letters, is offering customers free credit monitoring for one year.

The hard drive data is encoded and scrambled in such a fashion, Thompson 
said, that it would be difficult for whoever stole the hard drives to 
access it. However, the hard drives may include names, insurance ID 
numbers, dates of birth, Social Security and information about the 
customer's medical conditions.

In the letter, the company alerted clients via Priority Mail that some 
members' personal information is contained in the hard drives. Company 
or group administrators received letters from Tena Roberson, the deputy 
general counsel and chief privacy officer for BlueCross.

"The call recordings may have included the member's name and ID number," 
Roberson wrote. "Additionally, some recordings may have included the 
member's date of birth or Social Security number."

_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php

Current thread:

Blue Cross Blue Shield of TN data breach Henry Brown (Jan 11)
- Re: Blue Cross Blue Shield of TN data breach Henry Brown (Jan 28)
  - Modelling data breaches and collecting data Luther Martin (Jan 29)