Health insurer Blue Shield of California has acknowledged a data breach in which an unauthorized user gained access into a data system of one of the payer’s vendors.
The breach occurred late last year, and was the result of log-in credentials for certain Blue Shield customer service representatives being misused. No data systems at Blue Shield were impacted, the organization said in its breach notification letter to customers.
According to a report from the Orange County Register, personal information from nearly 21,000 individual and family plan customers was accessed in the breach. The report further stated that the vendor in question provides enrollment assistance, and was targeted by a telephone scam at the call center.
Blue Shield said that the information that could have been breach includes customers’ names, addresses, dates of birth, and Social Security numbers. As such, the insurer is offering a complimentary one-year membership in Experian’s ProtectMyID Alert. The notification letter read, “While we have no indication that specific personal information about you has been misused, this product helps detect possible misuse of your personal information and provides you with superior identity protection support focused on immediate identification and resolution of identity theft.”