xml:space="preserve">
xml:space="preserve">
Advertisement
Advertisement

6,800 affected in CareFirst phishing incident

CareFirst BlueCross BlueShield said Friday it was hit by a phishing email attack that could have exposed the personal information of 6,800 of the insurer’s members.

Phishing attacks use deceptive emails and websites to convince people to disclose personal information.

Advertisement

The state’s largest insurer said an employee’s email account was compromised by phishing on March 12. The employee’s account was used to send emails to people not associated with CareFirst.

Even though the emails were sent too others, the attackers potentially could have accessed the personal information of 6,800 CareFirst members through the employee’s emails. The personal information that could have been compromised includes names, member identification numbers and date of birth.

Advertisement
Advertisement

In eight cases, social security numbers could have been taken. No medical or financial information was compromised.

About 150 million users of the MyFitnessPal fitness and nutrition app and website have been affected by a data security breach, the site’s owner, Baltimore-based Under Armour, said Thursday.

The original phishing message and the resulting spam messages were forensically examined by CareFirst’s information security team and a third party information security firm. The insurer’s entire system also was analyzed and there was no evidence of other suspicious activity or malware, which is software that attacks computers and disables computer systems.

The employee’s email account that was attacked was reset.

There is no evidence that CareFirst member information was improperly used, but the insurer is offering free credit monitoring and identity theft protection for those affected for two years.

Recommended on Baltimore Sun

Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement