Spokeswoman: Personal data of 230,000 Anthem Blue Cross customers exposed by Web page glitch

By Shaya Tayefe Mohajer, AP
Thursday, June 24, 2010

Anthem Blue Cross glitch exposed personal data

LOS ANGELES — About 230,000 Anthem Blue Cross customers have been warned that their personal data, including medical records and Social Security numbers, may have been wrongly accessed following a faulty upgrade of the company’s website.

A site user was able to manipulate Web addresses to access confidential information after security measures weren’t reinstated properly following an October 2009 upgrade, said Anthem spokeswoman Cynthia Sanders.

“We were told by a third party vendor that all security measures were in place,” said Sanders. “As soon as we heard about the attorneys, we went in, discovered the problem and fixed it immediately.”

Applicants under age 65 who were applying for individual policies were affected by the breach, said Sanders.

Attorney Dan Robinson, who is representing plaintiffs whose information was in jeopardy, said files were not secured for a five-month period.

“This is one of worst exposures of private information we’ve seen: medical records, social security, health information,” said Robinson.

He said it’s unknown how many people worldwide may have accessed the site illegally. Sanders said that according to Anthem’s survey, the vast majority of unauthorized access was from the plaintiff and her attorneys.

Sanders said the attorneys downloaded some of the information from the site, but had since relinquished it.

Anthem sent letters to customers who may have been affected and offered a free year of identity protection services.

Robinson said the protection should last longer.

will not be displayed