Kentucky-based health insurance provider Humana fell victim to a third data breach from December 2018, this time caused by a third-party vulnerability.
According to a detailed notice to the California Attorney General’s Office and affected customers, Humana was informed on Oct. 28 that its business partner, Bankers Life, had suffered an intrusion that allowed unauthorized access to select employee system credentials between May 30 and Sept. 13.
The intruder used employee credentials to hijack company websites used to apply for Humana insurance. An investigation determined that this may have given the intruder access to personal information of some policy holders. While data such as name, address, date of birth, last four digits of the Social Security number, and some information about policy type may have been compromised, critical information such as full Social Security number, banking and card information and details about medical care were not affected.
Bankers Life detected the breach on Aug. 7 and started an investigation. They informed law enforcement and contacted an external forensics team to help. Since then, they organized additional trainings for employees and implemented extra monitoring and security procedures.
While customers who may have been affected will received one year of identity repair and credit monitoring on behalf of Bankers Life, all are advised to keep a close eye on their account statements and insurance transactions to prevent fraud and identity theft attempts.