Exposed Members Data For Over Five Months
Anthem Blue Cross admitted they left the sensitive personal information of more than 230,000 Anthem Blue Cross members exposed for over five months. Anthem representatives blame the massive breach on a website upgrade. Site visitors were able to access the personal information of more than 230,000 people who had pending insurance applications in the Anthem system.
Anthem officials said its corporate website had been revamped in October by a third-party vendor that, according to the health insurer, failed to secure sections of the site to ensure visitors couldn’t access members’ medical records and Social Security numbers.
“We were told by a third-party vendor that all security measures were in place,” Cynthia Sanders, an Anthem spokeswoman, said in a statement.
As it turns out, visitors were able to access the personal information of the more than 230,000 people who had pending insurance applications in the Anthem system.
But it wasn’t until attorneys filed a class action suit on behalf of the violated members that Anthem became aware of the data breach. A subsequent internal investigation revealed that at least one affected member and his or her attorneys managed to infiltrate the website repeatedly to access what was supposed to be secured data.