BlueCross BlueShield of Tennessee today disclosed that more than 220,000 customers may have had their personal data breached when 57 hard drives were pilfered from its former call center in October.
To date, the Chattanooga-based insurer does not believe the data has been used to harm anyone's credit, but hard drives did contain customer names, dates of birth, Social Security numbers and addresses, according to a statement released by the company.
The next step in the process is for BlueCross to determine how many customers may have had just their names, birthdates and diagnostic information disclosed.
The company is more than 90 percent done with reviewing the files that may have included Social Security numbers and other identifying information, it said, and about 157,000 customers have been notified by mail of the potential breach. BlueCross has offered credit monitoring to those customers.
The next step is to determine customers that had just their names, birthdates and diagnostic information breached. And a third step will involve identifying everyone who just had their names addresses and birthdates breached. In all, 500,000 customers may have had some portion of their information disclosed.
The data was encoded in such a way that it would be hard for anyone who obtained a stolen hard drive to view it, company spokeswoman Mary Thompson said.