BlueCross BlueShield of Tennessee is readying a Nov. 30 mass mailing to some of its 3.1 million customers in the Volunteer State who may have had their Social Security numbers and other private data compromised after an Oct. 2 hard drive theft at a remote training facility in Chattanooga.
"It's going to be a progression of mailings, with those who would be most at risk receiving the first mailings, depending upon how many people had a Social Security number compromised," says BCBST spokeswoman Mary Thompson.
"If you don't get a letter, you are safe. No news is good news," Thompson says.
Meanwhile, local, state, and federal law enforcement officials have been called in to investigate the Oct. 2 theft of three 3.5" X 10" hard drives, which were physically removed from server racks on computers inside a data storage closet at a training center located in a strip mall.
"We were using the information on those drives for training purposes. We were auditing our [customer service representatives] to ensure that they were delivering the correct information and servicing providers correctly and using it for training of new CSRs," Thompson says.
Thompson adds she could provide no update on the criminal investigation.
"There are many theories circulating," she says. "Of course, so we don't compromise the investigation, I'd rather not speculate. But the data was not encrypted, which would be the ideal way to secure the data. It was encoded and scrambled across the drive. Only individuals who have the most-high level of expertise, access to software and equipment would be able to reassemble the data into a form where they could access the data for any criminal activity.
"Obviously there is great concern any time data is breached, but this wasn't something that was done where somebody hit the wrong button or put the wrong labels on a file. This was a crime. This was an actual burglary," she says.