Premera Blue Cross sued over data breach

Premera Blue Cross is facing a class action lawsuit after disclosing that hackers might have gained access to the personal information of 11 million people last year.

The suit, filed Thursday in Washington federal court, hammered Premera for waiting roughly six weeks to tell victims that their data might have been exposed.

The health insurer is one of the largest in the Pacific Northwest and serves customers in Washington state, Alaska and Oregon. It revealed the data breach on March 17, saying it had uncovered the attack on Jan. 29.


A wide variety of personal information about current and former customers might have been exposed, including names, dates of birth, Social Security numbers, bank account information and even clinical treatment data.

The company was quick to note that there is no evidence data was taken from the system, and no Premera customer information appears to have been sold on the international black market.

The class action lawsuit seeks an undetermined amount of compensation for future economic losses based on the idea that Premera customers will face identity theft as a result of the breach.

The complaint highlights a variety of details about the breach, including the fact that hackers had access to Premera’s systems for roughly eight months before they were detected.

The unauthorized users were able to see data for customers going back to 2002, including policyholders for affiliate insurers in Alaska, Oregon and Washington state.

Lawyers managing the suit for Weitz & Luxenberg argued that Premera failed to safeguard customers’ data and is not doing enough to prevent medical identity theft in the aftermath of the breach.

“Premera has offered to provide a credit monitoring service to notify the victims when information stolen from them is used fraudulently,” said attorney James Bilsborrow in a statement.

“But that is inadequate. … What is Premera doing to safeguard against medical identity theft, inappropriate disclosure of patient clinical information, or fraudulent tax filings? This type of fraud is far more pernicious given the data types that were compromised.”