Excellus BlueCross BlueShield announced Wednesday that more than 10 million of its customers’ information has been exposed in a massive cyberattack. The breach mainly affects residents of upstate New York, where the health insurance company is based.
The cyberattack is one of the 20 largest healthcare breaches ever reported, and it follows a string of other attacks on Blue Cross-affiliated companies nationwide, according to The Hill. Though the insurer didn’t notice the breach until August of this year, the actual attack occurred in December 2013.
The attackers so far haven’t used the information exposed, the report said, but they have access to customers’ social security numbers, names, addresses, birthdates, financial information, and claims. Excellus is offering impacted customers two free years of identity-theft protection.
The attack is the latest uncovered in a string of high-profile healthcare cyberattacks this year. In February, the country’s second-biggest insurer, Anthem, which provides plans in 14 different states, announced that a hack left 78.8 million people exposed. In March, Premera Blue Cross revealed that it had been the victim of an attack that exposed 11 million customers.
More Must-Reads from TIME
- Donald Trump Is TIME's 2024 Person of the Year
- Why We Chose Trump as Person of the Year
- Is Intermittent Fasting Good or Bad for You?
- The 100 Must-Read Books of 2024
- The 20 Best Christmas TV Episodes
- Column: If Optimism Feels Ridiculous Now, Try Hope
- The Future of Climate Action Is Trade Policy
- Merle Bombardieri Is Helping People Make the Baby Decision
Contact us at letters@time.com