WellPoint said Tuesday that the personal information of about 128,000 members was exposed online over the past year, AP/BusinessWeek reports. The exposed information might have included Social Security numbers, as well as pharmacy and medical data.
WellPoint is the largest U.S. health insurer by membership (Murphy, AP/BusinessWeek, 4/8).
The data breach stemmed from two Internet servers maintained by third-party vendors, according to WellPoint.
Cheryl Leamon, a WellPoint spokesperson, said that the problems have been fixed and that the company is notifying members. The company declined to identify which type of members were affected or which states they were located in (Krauskopf, Reuters, 4/9).
WellPoint said that it is offering free credit-monitoring services to affected customers but that there have been no reports of identity theft or credit fraud (AP/BusinessWeek, 4/8). The insurer said it is investigating the data breach internally, as well as with external consultants (Reuters, 4/9).