PDF: Wynkoop letterSTEPS BLUECROSS IS TAKING* Identifying and notifying members found to have data potentially at risk* Posting information updates regarding the data breach on www. bcbst.com* Providing members whose Social Security numbers are at risk with credit monitoring for 12 months* Providing a special hot line to handle questions and concerns: 1-888-422-2786* Responding to emails sent to the privacy office at privacy_office@ bcbst.com* Providing Federal Trade Commission educational information to deter consumer fraud* Obtaining an independent assessment of the company's systemwide data and facility securitySource: Letter to group administrators from BlueCross counselOnline: Read a letter sent to a BlueCross BlueShield customer. Read previous stories. Comment.
Customers of Chattanooga-based insurer BlueCross BlueShield of Tennessee slowly are being notified by mail of a potential breach of their personal information.
This week, BCBS will provide updated data to the public on exactly how many customers were exposed when 57 hard drives were pilfered in October from a storage closet at the insurer's Eastgate Town Center branch, said company spokeswoman Mary Thompson.
"We've reach a critical mass with our analysis of the information, and this week we think we can update the public," Ms. Thompson said. "We're going to be doing a really full breakdown of how many were potentially exposed."
Letters are being mailed in batches as the data is being combed over and the breaches are discovered, Ms. Thompson said.
So far, there is no evidence the data has been successfully accessed or used to harm any customer's credit, Ms. Thompson said. But the insurer, in the letters, is offering customers free credit monitoring for one year.
The hard drive data is encoded and scrambled in such a fashion, that Ms. Thompson said, that it would be difficult for whomever stole the hard drives to access it. However, the hard drives may include names, insurance ID numbers, dates of birth, Social Security and information about the customer's medical conditions.
In the letter, the company alerted clients via Priority Mail that some members' personal information is contained in the hard drives. Company or group administrators received letters from Tena Roberson, the deputy general counsel and chief privacy officer for BlueCross.
"The call recordings may have included the member's name and ID number," wrote Ms. Roberson. "Additionally, some recordings may have included the member's date of birth or Social Security number."