Weitz & Luxenberg P.C. is investigating potential economic injury claims against CareFirst BlueCross/BlueShield after computer hackers carried out a data breach and accessed the confidential private records of some 1.1 million of the Baltimore-based health insurer’s policy holders.
According to media reports, most of the victims of the CareFirst data breach live in Maryland, the District of Columbia and parts of Virginia.
The firm said CareFirst customers fearful that the data breach hackers stole their confidential information may contact W&L, by phone at (212) 558-5786 or online by a form or chat, to discuss a possible right to legal action against the health insurer.
CareFirst Data Breach Exposed Customers’ Names
According to news stories, the hackers were able to abscond with CareFirst customers’ names, birth dates, email addresses and insurance card numbers.
CareFirst insisted to the press that passwords, credit card numbers, medical records and Social Security numbers were not among the materials lost in the data breach.
Even so, computer security experts who spoke to reporters said the hackers may be able to use whatever confidential information they acquired in the data breach to commit identity theft.
CareFirst Data Breach Looked Like Two Earlier Ones
Computer experts told the press that the CareFirst hackers appear to have employed techniques similar to those used earlier this year in data breaches that victimized customers of two other health insurers — Premera Blue Cross and Anthem Blue Cross.
In February, W&L investigated consumer claims against Seattle-based Premera and subsequently filed a class action lawsuit on behalf of current and past Premera members who, at any point during or after 2002, held a policy with the company.
W&L is continuing to accept plaintiffs for the class action data breach lawsuit against Premera.
The firm filed a class action against Anthem, Inc., after 80 million records belonging to that health insurer’s customers were hacked. Word of that data breach surfaced earlier this year.
Plaintiffs are still being added to the class action against Anthem, which maintains headquarters in Indianapolis.
However, only those Anthem data breach victims who suffered actual fraud —such as receiving notice that a tax return had been fraudulently filed in their name — can at this time be considered as potential plaintiffs.
In both the Premera and Anthem data breaches, security experts have said it is possible that the victims could suffer financial harm totaling billions of dollars.
One source of loss would be the money consumers are compelled to pay to credit-protection services that offer to shield victims against criminal misuse of the stolen records, said Robin L. Greenwald, who heads the W&L Environmental, Toxic Tort & Consumer Protection litigation unit.
Greenwald explained that W&L believes victims of health-insurer data breaches deserve compensation and identity theft protection.
“Legal help is available to the victims,” she said. “There is no need for them and their families to suffer potentially catastrophic financial harms caused by a data breach at a company they trusted to keep their confidential private information confidential and private.”