One current and one former member of Baltimore-based CareFirst BlueCross BlueShield are leading a class action lawsuit against the company following the May disclosure of a June 2014 cyberattack that exposed the data of more than 1 million current and former members, according to a Baltimore Sun report.
While the company has said that no Social Security numbers were disclosed in the breach, a lawyer for the plaintiffs claims that identity theft has already taken placed as a result of the attack. The class action suit alleges that the company did little to ensure its member data was protected after becoming aware of cybersecurity weaknesses in 2014.
The compromised data includes names, birthdays, email addresses and insurance identification numbers.