BlueCross: No evidence stolen personal data used

BlueCross: No evidence stolen personal data used

February 25th, 2010 by Andy Sher in News

Staff File Photo by Angela Lewis

Staff File Photo by Angela Lewis

NASHVILLE -- No documented cases of identity theft or credit card fraud so far have been linked to the October 2009 theft of 57 computer hard drives containing BlueCross customers' personal information, a company official told state lawmakers Wednesday.

"No, sir," Clay Phillips, BlueCross BlueShield of Tennessee's director and associate general counsel for state affairs, told Sen. Ken Yager, R-Harriman. "We monitor that daily."

Mr. Phillips said the Chattanooga-based insurer has had "a couple" of notifications that members' company-issued identification numbers were "exposed." But he emphasized that BlueCross officials tracked those cases down and were able to determine that "none of it" was the result of this theft.

BlueCross' update to Senate State and Local Government Committee members was the latest action the company has taken regarding the theft of the hard drives from an abandoned company training center at Eastgate Town Center in Chattanooga.

Mr. Phillips said he could not say whether there are any suspects in the crime. He said BlueCross has contacted hundreds of thousands of affected company subscribers and is offering them fraud monitoring services and other help. BlueCross also has bolstered its information services security, he said.

The committee's chairman, Sen. Bill Ketron, R-Murfreesboro, appeared satisfied with BlueCross' presentation, telling Mr. Phillips, "I know BlueCross Blue Shield will stay on top" of the situation.

The company has spent more than $7 million to identify the scope of stolen material, notify those affected and hire computer security experts to study how BlueCross handles information, officials said. Millions of dollars more are likely to be spent, they said.

But in response to another lawmaker's question, Mr. Phillips said the risk of exposure for customers "is actually very small. As you can see from how long it's actually taking us using 800 employees to get at this data, it's very difficult to 'mine' data like this."

BlueCross already has alerted 220,133 members whose names, Social Security numbers, dates of birth and addresses were contained on the drives. They have been offered free credit monitoring for a year and, if needed, enhanced identity theft and restoration help.

BlueCross is notifying another 301,628 people whose names, addresses and/or dates of birth and diagnostic information were involved. Similar credit monitoring and identity theft help are being offered.