One million affected by CareFirst breach

The personal data of more than one million CareFirst customers has potentially been exposed due to a data breach that the health insurance organisation suffered nearly one year ago. The US-based company, part of BlueCross BlueShield, this week publicly announced the breach, admitting that sensitive data, including names, birth dates, and ID numbers, were accessible to the attackers.

What CareFirst is calling a "sophisticated cyber-attack" was discovered by security firm, Mandiant, which was hired by CareFirst to perform a routine assessment of internal IT systems.

"Approximately 1.1 million current and former CareFirst members and individuals who do business with CareFirst online who registered to use CareFirst's websites prior to June 20, 2014 are affected by this event,” the company wrote in an advisory published on its website.