A health insurer in western New York and affiliates said Wednesday that their computers were targeted last month in a cyberattack that may have provided unauthorized access to more than 10 million personal records.
Excellus BlueCross BlueShield, headquartered in Rochester, and Lifetime Healthcare Companies said they’re offering affected individuals in upstate New York two years of free identity theft protection.
The companies said unauthorized computer access was discovered Aug. 5, and further investigation revealed that the initial attack occurred on Dec. 23, 2013.
Hackers infiltrated the Pentagon food court’s computer system, compromising the bank data of an unknown number of employees.
Lt. Col. Tom Crosson, a Defense Department spokesman, said on Tuesday that employees were notified that hackers may have stolen bank account information from people who paid for concessions at the Pentagon with a credit or debit card.
Laurie Weidner, spokeswoman for the Chancellor’s Office, said CSU has not terminated its relationship with We End Violence, which administered the training program called Agent of Change. The vendor was one of three offered to campuses, when the sexual violence prevention program was rolled out, she said.
Weidner said in an email the vendor was one of several reviewed and was recommended by the White House task force on campus sexual violence prevention.
“The vendor agreed to the required contract terms and conditions regarding information security, including accepting CSU definitions for what constitutes confidential data, and the requirement to maintain the privacy (of) confidential information,” Weidner said.
CSU has no plans to change the screening process of vendors delivering the online sexual assault prevention training, Weidner said.
“The breach occurred with one vendor not the others,” she said in the email. “The CSU has other contracts with other vendors, and there has been no data exposure.”