Blue Shield of California Member’s Personal Data Hacked | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Blue Shield of California has announced they were the target of a cyberattack that stole troves of member’s personal information.

The data may have included names of members, their dates of birth, social security numbers, and information related to vision health care, according to a Nov. 17 press release from Blue Shield.

Hackers stole the data from a Blue Shield server managing vision care data on May 28 and May 31, according to the release. A vendor for Blue Shield, which the release did not identify, discovered the breach on Aug. 23 and reported it to Blue Shield on Sept. 1.

In response to the breach, the vendor immediately took the server offline, launched an investigation into the incident, engaged a cybersecurity firm and reported the matter to the FBI, Blue Shield said.

READ MORE: San Francisco Waste-Hauling Giant Recology Hacked

The attack was part of a broader wave of cybersecurity breaches by a ransomware group known as Clop, which exploited a vulnerability of an enterprise digital file-moving software known as MOVEit, which allowed hackers to steal data. Following the breaches MOVEit creator Progress Software reportedly issued a patch.

In response to the attack, Blue Shield says it has opened a dedicated call center to answer questions—it can be reached at 1-866-983-2632 Monday through Friday from 8:00 a.m. to 7:00 p.m. Central Time, excluding major U.S. holidays.

Blue Shield also offers free credit monitoring with identity restoration services for anyone impacted by the data breach.

READ MORE: San Francisco Battles Rising Cybercrime ‘Tsunami’ After Oakland Hit Hard

If you are a Blue Shield member affected by the breach, the healthcare provider recommends you do the following:

  • Closely review credit reports and account statements and notify the bank or other institution maintaining your account and report any fraudulent activity or suspected identity theft to law enforcement, the Federal Trade Commission or the Attorney General’s Office in your home state.
  • Blue Shield recommends placing a fraud alert on your credit file. An initial fraud alert is free and will stay on your credit file for at least 90 days. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. If you have already been a victim of identity theft, you may have an extended alert placed on your report, which lasts for seven years. You can place a fraud alert on your credit file by contacting Equifax, TransUnion or Experian.
  • You may also want to consider placing a security freeze on your credit file, which will prevent new credit from being opened in your name without the use of a PIN. A security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. Security freezes also require you to contact one of the three credit reporting agencies above.

The following can indicate if you are a victim of identity theft, according to the FEC:

  • You see withdrawals from your bank account that you can’t explain.
  • You don’t get your bills or other mail.
  • Merchants refuse your checks.
  • Debt collectors call you about debts that aren’t yours.
  • You find unfamiliar accounts or charges on your credit report.
  • Medical providers bill you for services you didn’t use.
  • Your health plan rejects your legitimate medical claim because the records show you’ve reached your benefits limit.
  • A health plan won’t cover you because your medical records show a condition you don’t have.
  • The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don’t work for.
  • You get notice that your information was compromised by a data breach at a company where you do business or have an account.

Blue Shield of California, the FBI and Progress Software have been contacted for comment.


Click Here For The Original Story From This Source.

National Cyber Security