Establishing Digital Trust: Don't Sacrifice Security for Convenience
Insurer BlueCross BlueShield officials this week are telling hundreds of thousands of members that somehow a thief managed to steal a total of 57 computer hard drives from a closet at Chattanooga, Tenn. call center.
In a statement, BlueCross BlueShield spokeswoman Mary Thompson said that while the data was encoded, it was not encrypted. She said the drives contained more than 1.3 million audio files of recorded conversations between customer service representatives and customers.
The drives also included 300,000 video files from images on customer service reps' computer screens, including Social Security numbers, birth dates, addresses and medical information.
While the bulk of the estimated 220,000 to 500,000 members affected by the data breach are Tennessee residents, BlueCross BlueShield said there at least 500 members from another 32 states who had their data exposed in the heist.
For now, BlueCross BlueShield is offering one year of free credit monitoring services as well as other data management and security services from Kroll, a risk management and IT security consulting firm.
"There is minimal risk to members' data being accessed due to the specialized nature of the hardware stolen and the difficulties associated with accessing," Thompson said in a statement.
BlueCross BlueShield is just the latest insurer to fess up to massive security breach.
Last week than 15,000 Kaiser Permanente patients in Northern California were warned that their personal information, including birth dates, addresses, phone numbers and medical-record numbers, was exposed last month after an unencrypted external storage drive was stolen from an employee's car.
In November, a similar theft exposed the names and Social Security numbers of more than 60,000 soldiers and civilian personnel at the Army Corp of Engineers' Southwestern Division in Dallas.
According to the nonprofit Open Security Foundation, there were more than 400 major data breach incidents last year at hospitals, universities, military bases and private-sector companies.
A report released last year by security researcher the Ponemon Institute found that more than 800,000 data-sensitive memory devices -- including external storage devices -- are either lost or stolen each year.