CareFirst announced Wednesday it was the target of a cyberattack in June 2014 when attackers gained access to a database that stores member information.
The database included member usernames created at www.carefirst.com, names, birth dates, and email addresses, but NOT Social Security Numbers, passwords, medical claims, or financial information.
CareFirst said it will begin mailing letters to affected members and will provide them two free years of credit monitoring and identity theft protection services.
Members who think they may be affected and have specific questions about the attack and the protections being offered by CareFirst should visit www.carefirstanswers.com or call 1-888-451-6562.
Approximately 1.1 million current and former CareFirst members who registered to use CareFirst’s websites prior to June 20, 2014 are affected. CareFirst has blocked member access to these accounts and will request that members create new usernames and passwords.