OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] Personal data accessed on Blue Cross website

From: security curmudgeon (jerichoattrition.org)
Date: Thu Jun 24 2010 - 15:58:19 CDT


http://www.ocregister.com/articles/information-254735-security-anthem.html

Published: June 23, 2010
Updated: June 24, 2010 7:24 a.m.
Personal data accessed on Blue Cross website
By COURTNEY PERKES
THE ORANGE COUNTY REGISTER

More than 200,000 Anthem Blue Cross customers this week received letters
informing them that their personal information might have been accessed
during a security breach of the company's website.

Only customers who had pending insurance applications in the system are
being contacted because information was viewed through an on-line tool
that allows users to track the status of their application.

Cathy Luckett of San Juan Capistrano was dismayed to learn that Social
Security and credit card numbers were potentially viewed.

[..]

"The ability to manipulate the web address (URL) was available for a
relatively short period of time following an upgrade to the system. After
the upgrade was completed, a third party vendor validated that all
security measures were in place, when in fact they were not. As soon as
the situation was discovered, we made the necessary security changes to
prevent it from happening again."

[..]
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php