Premera Blue Cross, a health insurer based in the Pacific Northwest, said Tuesday that it was the victim of a cyberattack that could affect 11 million people.
The company said that hackers gained access to its systems on May 5 and that it did not discover the breach until Jan. 29.
The breach could have exposed members’ names, dates of birth, Social Security numbers, mailing and email addresses, phone numbers, member ID numbers and bank-account information, the Mountlake Terrace, Washington, company said. The information dates as far back as 2002 and affects users of Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and Vivacity and Connection Insurance Solutions.
Claims information, including clinical information as well as the personal information of people who did business with Premera, could also have been exposed.
Premera said it has not found evidence that data was removed from its systems or that customer information has been used inappropriately. It will provide two years of free credit monitoring and identity theft-protection services to consumers affected by the breach.
The company is working with the FBI and cybersecurity firm Mandiant to investigate the breach and remove any lingering infection of its systems.
Premera currently has about 1.8 million members. It provides health, life, vision, dental, disability and other types of insurance.
Companies ranging from retailers Target and Home Depot to Sony Pictures Entertainment have disclosed expensive and embarrassing data breaches recently.
In February, Anthem, the second-largest health insurer in the U.S., disclosed a breach that affected about 80 million customers. Cybersecurity experts say that attack was a sign that hackers are shifting their focus away from retailers and looking at targets in health care and other fields because their systems may be more easily breached.