Insurer sued over data breach

Fact-checked with

At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here’s an explanation for

CareFirst BlueCross BlueShield in Maryland has been hit with a proposed class action lawsuit after a June 2014 data breach exposed the names, birth dates, email addresses and subscriber identification numbers of about 1.1 million customers.

The suit, filed this month in U.S. District Court in Baltimore by 2 CareFirst customers, claims the insurance company failed to secure its data even after becoming aware of a security vulnerability in an attempted attack prior to last year’s breach.

“The data breach at issue in this case occurred despite the fact that CareFirst was on notice of security problems,” the plaintiffs said in the suit against the region’s largest health insurer.

The 2 plaintiffs in the case also claim that because of the breach, they are now at risk for identity theft and fraud, according to the website

“In addition, identity thieves may obtain services using plaintiffs’ confidential health information and (personal information), or commit any number of frauds such as obtaining a job or procuring housing,” the plaintiffs wrote.

Should this matter to you?

If you were a CareFirst customer on or before June 20, 2014, there’s a chance your information has been compromised. That means you’re more susceptible to identity theft or fraud.

The hacked database contained no Social Security numbers, medical claims, or employment, credit card or financial information, according to a May 2015 statement from CareFirst announcing the data theft.

CareFirst has offered customers free identity protection and credit monitoring for 2 years.

“We deeply regret the concern this attack may cause,” CareFirst President and CEO Chet Burrell said in a press release. “We are making sure those affected understand the extent of the attack — and what information was and was not affected.”

Next steps

For starters, follow the lawsuit against CareFirst for any new information that may come to light.

It’s also always a good idea to monitor your credit report for any unauthorized credit accounts opened in your name. You can pull your credit report for free at myBankrate.

These types of cyber attacks are a good reminder to regularly check your credit — it’s one of the easiest ways to spot identity theft and mitigate the consequences.