Excellus BlueCross BlueShield announced Wednesday that more than 10 million of its customers’ information has been exposed in a massive cyberattack. The breach mainly affects residents of upstate New York, where the health insurance company is based.
The cyberattack is one of the 20 largest healthcare breaches ever reported, and it follows a string of other attacks on Blue Cross-affiliated companies nationwide, according to The Hill. Though the insurer didn’t notice the breach until August of this year, the actual attack occurred in December 2013.
The attackers so far haven’t used the information exposed, the report said, but they have access to customers’ social security numbers, names, addresses, birthdates, financial information, and claims. Excellus is offering impacted customers two free years of identity-theft protection.
The attack is the latest uncovered in a string of high-profile healthcare cyberattacks this year. In February, the country’s second-biggest insurer, Anthem, which provides plans in 14 different states, announced that a hack left 78.8 million people exposed. In March, Premera Blue Cross revealed that it had been the victim of an attack that exposed 11 million customers.
More Must-Reads from TIME
- Why Trump’s Message Worked on Latino Men
- What Trump’s Win Could Mean for Housing
- The 100 Must-Read Books of 2024
- Sleep Doctors Share the 1 Tip That’s Changed Their Lives
- Column: Let’s Bring Back Romance
- What It’s Like to Have Long COVID As a Kid
- FX’s Say Nothing Is the Must-Watch Political Thriller of 2024
- Merle Bombardieri Is Helping People Make the Baby Decision
Contact us at letters@time.com