Horizon Blue Cross Blue Shield of New Jersey (BCBSNJ) began sending notification letters to more than 800,000 members on Dec. 6, alerting them that their personal information may have been compromised after two unencrypted laptops were stolen from the insurance provider's Newark headquarters about one month prior.
The laptops were unencrypted, but were password-protected. The stolen computers contained sensitive information on roughly 840,000 members, including names, addresses, dates of birth and Horizon BCBSNJ identification numbers. Social Security numbers and clinical information were also included.
“Our top priority at the moment is making sure our members are protected,” Thomas Vincz, a Horizon BCBSNJ spokesperson, told SCMagazine.com on Monday. “We are in the process of notifying our members, who are affected, to apologize for this incident and to provide free credit monitoring and identity theft protection to those members' whose Social Security numbers were involved.”
Officials with Horizon BCBSNJ were alerted on Nov. 4 that the two laptops were stolen, despite being cable-locked to employee workstations. The insurance company began notifying affected members via mail on Dec. 6, following an initial investigation with the Newark Police Department.
Horizon BCBSNJ also hired outside computer forensic experts who determined that not all the information contained on the laptops would be accessible due to the configuration of the machines.
The laptops have yet to be recovered and an investigation is still ongoing, Vincz said. The information has not been used in any way and officials with Horizon BCBSNJ do not believe the laptops were stolen for the information the devices contained, according to a statement posted to the website.
“Horizon is still investigating the encryption procedures and the use of member information as it relates to the two stolen computers,” Vincz said. “Horizon is also reviewing its inventory of computers and its security and encryption procedures in general. We will also be enhancing employee training with respect to the security of company property and member information.”
Horizon BCBSNJ notified 300,000 of its members in early 2008 that their information may have been compromised after one of its unencrypted, yet password-protected, laptops was stolen in Newark. In that incident officials said the data was programmed to be deleted, thus limiting the exposure of sensitive member information.