subject: BlueCross says 220,000 at risk in data theft [print this page] BlueCross BlueShield of Tennessee IncBlueCross BlueShield of Tennessee Inc. has identified 220,000 members whose personal information may be at risk after hard drives were stolen from the insurer last year.
Thieves took 57 hard drives from one of BCBST's former call centers in Chattanooga in October.
On that Friday, Oct. 2, the insurance company's security system said only that the server in the Eastgate Town Center office, a remote location, wasn't working, not that there had been a theft. As the drives weren't mission-critical, no one was sent to see to the problem until the following Monday morning, the insurer said in a statement.
The drives contained an estimated 1.3 million audio files of recorded phone conversations between customer service representatives and customers or potential customers. The drives also contained an estimated 300,000 video files from images of the representatives' computer screens.
BlueCross BlueShield spokeswoman Mary Thompson said there is no evidence that any of the data has been accessed.
The data was encoded, but not encrypted. Some of it included members' names, BlueCross identification numbers and in some recordings diagnostic information, birthdays and Social Security numbers.
BlueCross BlueShield has backed up all of the data and contracted with Kroll, a risk consulting company, for further response.
The insurance company said 500,000 members are estimated to be at risk, and 220,000 of them have been identified. Of that group, 157,482 had been notified by mail as of last week.
The stolen drives had the names, Social Security numbers, birthdays and addresses of those identified so far. BlueCross BlueShield will give this group one year of free credit monitoring, identity monitoring and a host of support services from Kroll. Members with less information on the drives will get similar but fewer services.
BlueCross BlueShield is Tennessee's largest insurer but has members in all 50 states. It has identified 32 states with 500 or more members whose information was stolen.
