PHIprivacy.net reports that call center services provider Connextions "had a long-running breach" that affected more than 4,800 customers of Anthem Blue Cross Blue Shield of Indiana, Anthem Blue Cross Blue Shield of Ohio, and Empire Blue Cross Blue Shield of Indiana.
The breach apparently took place over a period of approximately one year, from November 2011 to October 2012.
In response to an inquiry by PHIprivacy.net, Connextions simply responded with the following statement: "We take very seriously our responsibility to protect consumer information, and have taken additional steps to reinforce our rigorous information security policies and practices. We have been cooperating with authorities on this matter."
Cindy Wakefield, spokesperson for Anthem parent company WellPoint, provided more information, telling PHIprivacy.net that a former Connextions employee had confessed to taking customers' Social Security numbers. "There are indications that the employee may have conveyed some of this information to third parties who are the subject of an ongoing criminal investigation," she said.
According to Wakefield, at least four customers have been "identified as impacted" by the former Connextions employee's actions, and Anthem Blue Cross and Blue Shield is providing approximately 6,000 customers "whose information could have been impacted" with free identity theft protection services.