Humana has notified customers of a third-party security incident that might have exposed some of their personal information.

According to a breach notification letter obtained by DataBreaches.net, the for-profit American health insurance company learned on 25 October 2018 that bad actors had gained access to the system credentials of some employees at Bankers Life, one of Humana’s business partners. Those individuals then used those credentials to enter secure Bankers Life websites. There, they might have stolen the personal data of individuals who had applied for a Humana health insurance policy through those sites.

Bankers Life first learned of this incident on 7 August 2018. With the help of an external forensics investigator, the primary subsidiary of CNO Financial Group, Inc. determined that the unauthorized parties had accessed some of its employees’ credentials between 30 May 2018 and 13 September 2018. During that time, those bad actors might have acquired customers’ names, addresses, dates of birth, limited health insurance information and the last four digits of their Social Security Numbers.

Bankers Life’s investigation revealed that the incident didn’t expose the full Social Security Numbers, driver’s license numbers, financial information or sensitive medical data of most affected customers.

Following its discovery of the potential data breach, Bankers Life sent notification letters to 566,217 customers in which it offered them one year of free identity repair and credit monitoring services. It also urged them to monitor their credit reports and banking accounts for suspicious activity.

In its breach notification letter, Humana took a moment to inform customers of their options:

We want you to know that at Humana we take seriously our responsibility to ensure the security of your information. We regret any concern this incident might have caused. You have privacy rights under a Federal law that protects your health (Read more...)