Data on about 1.1 million current and former subscribers of health insurance company CareFirst has been stolen by hackers, the company has confirmed.
In a statement, the non-profit said it was the target of a “sophisticated” cyberattack, in which a single database of members’ names, birth dates, email addresses, and other subscriber data was stolen.
Credit card, social security, and medical data were not taken in the breach. Passwords, which were stored in an unaffected separate system, were not taken.
It follows a long list of health and insurance companies that have suffered at the hands of hackers in recent months, including Anthem and Premera Blue Cross.
But in the case of CareFirst’s breach, it took almost a year for the breach to be found.
Hackers attacked the company’s network in June 2014. The company brought in security firm Mandiant to survey the damage, which determined there were no prior or subsequent attacks or any evidence to suggest other personal information was grabbed.
The company has since blocked access to the accounts, and asked its members to create new login credentials.
CareFirst chief executive Chet Burrell said in a statement that the company would also offer free credit monitoring and identity theft protection to those affected for two years.