Hackers grab 1.1 million CareFirst members' data in "sophisticated" cyberattack

Initial evidence suggests names, birth dates, and email addresses, but not credit card data.
Written by Zack Whittaker, Contributor

Data on about 1.1 million current and former subscribers of health insurance company CareFirst has been stolen by hackers, the company has confirmed.

In a statement, the non-profit said it was the target of a "sophisticated" cyberattack, in which a single database of members' names, birth dates, email addresses, and other subscriber data was stolen.

Over 90 percent of data breaches in first half of 2014 were preventable

Credit card, social security, and medical data were not taken in the breach. Passwords, which were stored in an unaffected separate system, were not taken.

It follows a long list of health and insurance companies that have suffered at the hands of hackers in recent months, including Anthem and Premera Blue Cross.

But in the case of CareFirst's breach, it took almost a year for the breach to be found.

Hackers attacked the company's network in June 2014. The company brought in security firm Mandiant to survey the damage, which determined there were no prior or subsequent attacks or any evidence to suggest other personal information was grabbed.

The company has since blocked access to the accounts, and asked its members to create new login credentials.

CareFirst chief executive Chet Burrell said in a statement that the company would also offer free credit monitoring and identity theft protection to those affected for two years.

See Gallery: 14 privacy tools you should use to stay secure

14 privacy tools you should use to stay secure

Editorial standards