Blue Shield of California Members’ Personal Information Stolen by Hackers

December 2, 2023

Blue Shield of California has announced it was the target of a cyberattack that stole troves of vision plan member’s personal information.

The data may have included names of members, their dates of birth, social security numbers and information related to vision health care, according to a Nov. 17 press release from Blue Shield.

Hackers stole the data from a Blue Shield server managing vision care data on May 28 and May 31, according to the release. A vendor for Blue Shield, which the release did not identify, discovered the breach on Aug. 23 and reported it to Blue Shield on Sept. 1.

In response to the breach, the vendor immediately took the server offline, launched an investigation into the incident, engaged a cybersecurity firm and reported the matter to the FBI, Blue Shield said.

The attack was part of a broader wave of cybersecurity breaches by a ransomware group known as Clop, which exploited a vulnerability of an enterprise digital file-moving software known as MOVEit, which allowed hackers to steal data. Following the breaches MOVEit creator Progress Software reportedly issued a patch.

“When we discovered the vulnerability in MOVEit Transfer and MOVEit Cloud, we worked quickly to provide initial mitigation strategies, deployed a patch on May 31 that fixed the vulnerability and communicated directly with our customers so they could take action to harden their environments,” a MOVEit spokesperson said. “We are committed to playing a collaborative role in the industry-wide effort to combat cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products.”

In response to the attack, Blue Shield says it has opened a dedicated call center to answer questions—it can be reached at 1-866-983-2632 Monday through Friday from 8 a.m. to 7 p.m. Central Time, excluding major U.S. holidays.

Blue Shield also offers free credit monitoring with identity restoration services for anyone impacted by the data breach.

If you are a Blue Shield member affected by the breach, the health care provider recommends you do the following:

• Closely review credit reports and account statements, and notify the bank or other institution maintaining your account and report any fraudulent activity or suspected identity theft to law enforcement, the Federal Trade Commission or the Attorney General’s Office in your home state.

• Blue Shield recommends placing a fraud alert on your credit file. An initial fraud alert is free and will stay on your credit file for at least 90 days. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. If you have already been a victim of identity theft, you may have an extended alert placed on your report, which lasts for seven years. You can place a fraud alert on your credit file by contacting Equifax, TransUnion or Experian.

• You may also want to consider placing a security freeze on your credit file, which will prevent new credit from being opened in your name without the use of a PIN. A security freeze is designed to prevent credit, loans and services from being approved in your name without your consent. Security freezes also require you to contact one of the three credit reporting agencies above.

The following can indicate if you are a victim of identity theft, according to the FEC:

• You see withdrawals from your bank account that you can’t explain.
• You don’t get your bills or other mail.
• Merchants refuse your checks.
• Debt collectors call you about debts that aren’t yours.
• You find unfamiliar accounts or charges on your credit report.
• Medical providers bill you for services you didn’t use.
• Your health plan rejects your legitimate medical claim because the records show you’ve reached your benefits limit.
• A health plan won’t cover you because your medical records show a condition you don’t have.
• The IRS notifies you that more than one tax return was filed in your name or that you have income from an employer you don’t work for.
• You get notice that your information was compromised by a data breach at a company where you do business or have an account.