Large-scale hacks on corporations seem to occur far too often lately. Despite stronger cyber security, many companies remain vulnerable to attacks. One of the latest companies hacked is Excellus Blue Cross Blue Shield and their affiliates. The company, which is based in Rochester, New York, revealed that after a cyber attack targeted their computers, more than 10 million personal records were potentially accessed by unauthorized users, according to Tech Times.
Who is Affected By the Attack?
Many of the victims are clients and customers of the company and affiliates, which includes Excellus BlueCross BlueShield, Lifetime healthcare Companies, Lifetime Benefit Solutions, Lifetime Care, Lifetime Health Medical Group, The MidAmerican Companies, and Univera Healthcare. The service area is only for those in the upstate New York area, specifically in Madison, Lewis, and Oneida counties. Although the exact nature of the attack and the actions taken on the data remain under investigation, Excellus is encouraging its customers and employees to remain vigilant for any signs of identity theft.
The hack was discovered on August 5, and the company and the FBI are still investigating the matter. They believe that the initial attack actually took place on December 23, 2013, even though it was not discovered until over a year and a half later. It is not yet determined whether or not any of the information was stolen or used for fraudulent purposes. However, the company is taking proactive measures to protect the over 10 million potential victims of identity theft.
Excellus hired FireEyes Mandiant, which is one of the leading cybersecurity firms, to assist in the protecting of their digital data. The firm was the one to discover the breach during their assessment of Excellus’ IT system. They are continuing their assessment to not only see the data authorized during the attack but also to see if there was any other similar unauthorized access.
How Will You Know if You are a Victim?
If you are one of the more than 10 million potential victims, then you should expect to receive a letter in the mail. Excellus is depending on the traditional post due to the possibility of people posing as the company and using the victim’s phone numbers or emails to try to get further information from them. Victims will also receive free credit monitoring and identity theft protection services to handle any fraudulent practices that happen due to the breach. They have also set up a special website that offers additional information about the attack.
Excellus is just one of many companies having to offer complementary identity theft services after an attack on their data. Although companies are working to better protect their data, sometimes it is too late, as it was for Excellus and their customers and staff.