Newkirk Products, Inc, a service provider that issues healthcare ID cards for health insurance plans including several Blue Cross Blue Shield branches, has begun notifying approximately 3.3 million people of a data breach.
On May 21, an unauthorized individual gained unauthorized access to a server containing names, mailing addresses, plan types, member and group ID numbers, dependent names, primary care providers, dates of birth, premium invoice information, and Medicaid ID numbers, according to an Aug. 5 press release.
“An intruder exploited a weakness in the administrative portal of the 3rd party software on the single isolated server, and gained unauthorized access to the system,” a spokesman from Broadridge Financial Solutions, Newkirk's parent company, told SCMagazine.com via emailed comments.
Officials discovered that the server was compromised on July 6 and promptly shut it down. Newkirk also launched an investigation, hired a third-party forensic investigator to determine the extent of the breach and is working with law enforcement.
The service provider issues cards for companies either directly or through its former owner DST Systems, Inc. to locations in Kansas City, North Carolina, New York, West Virginia, and other locations across the country.
Those affected are being offered two years of free identity theft protection and restoration services.
“At Broadridge, we place the utmost value in securing our clients' information, and we are constantly investing in sophisticated technologies to minimize the risk of a cyber attack,” Broadridge Chief Operating Officer (COO) Timothy Gokey told SCMagazine.com via emailed comments. “It is important to note that this intrusion did not penetrate the Broadridge network as the Newkirk product, which was acquired on July 1, has not yet been transitioned off of DST's network.”