Power Breakfast: Security breach at Ga. insurer, Georgia Dome, iPhone, home prices, Aaron’s, UPS, Google

The state’s largest health insurance company has warned 70,000 Georgians that their personal medical information, Social Security numbers and credit card data may have been wrongly accessed because of a Web site security breach, AJC staffer Craig Schneider reports.

The security problem at Blue Cross and Blue Shield of Georgia is part of an even larger Web site breach of its parent company, WellPoint, which has sent warning letters to 470,000 people across the country, Schneider writes.

Information was exposed for five months, said company spokeswoman Cindy Sanders. It affected applicants under the age of 65 who were applying for individual policies.

A small number of site users were able to access private information after manipulating the Web address that people applying for insurance use to track the status of their application, she said.

Also in the AJC:

In other media:

For instant updates, follow me on Twitter.

One comment Add your comment

David Vogel

August 7th, 2010
12:18 pm

The problem with Blue Cross/Blue Shield of Georgia is only the tip of the iceberg. Blue Cross/Blue Shield is split up, nationally, into many affiliates. This splits a large, systemic problem into several smaller problems no one of which attracts a lot of attention. Recently, Anthem BC/BS had 800,000 records stolen; BC/BS of Rhode Island, 12,000; BC/BS of Tennessee, 500,000. With the total from WellPoint, this is in the neighborhood of 2 million stolen records. As is the case with BC/BS of Georgia, there were delays of many months in reporting these thefts making one wonder what remains to be discovered. Indeed, as the letter sent to Georgia customers indicates that all applicant records were stolen, 70,000 seems a low estimate of the size of the problem.
Note that the Attorney General of Connecticut is suing Anthem BC/BS over the delay, and describes the response to consumers as inadequate. That response is identical to the response of BC/BS of Georgia
Customers of BC/BS of Georgia should be offended by the company’s response. The response is generic and places the burden of learning how to protect themselves on customers. There is no reason, other than trouble and modest cost, why BC/BS of Georgia could not provide individual customers with specific information such as whether they had credit card information on file so that their customers would know whether their credit card needs to be cancelled. BC/BS does not even suggest to their customers that this action may need to be taken.
BC/BS of Georgia has provided a one-year subscription to a service that notifies users if untoward information is submitted to credit agencies. One year is a totally inadequate period of time and has already been extended by Anthem BC/BS under pressure from the Attorney General of Connecticut.