BCBS of TN Hard Drive Theft Now Threatens 1 Million Customers

The theft of 57 hard drives from a BlueCross BlueShield of Tennessee training facility last fall has put at risk the private information of nearly one million customers in least 32 states, the insurer said this week in an investigative update.

So far, there has been no documented identity theft or credit fraud affecting BlueCross members as a result of this incident, BCBS of Tennessee said in a media release.

"As of April 2, 2010, a total of 998,422 current and former members have been identified at being at risk," said BCBS of Tennessee spokeswoman Mary Thompson, adding that the total figure includes 447,549 current and former members identified in the lowest-risk Tier 1 category.

"These newly-identified members in Tier 1 began receiving their notification letters the week of April 5. To date, a total of 550,873 notifications have been sent to members indicating that their personal information was included on the stolen hard drives," Thompson said.

The hard drives containing 1.3 million audio files and 300,000 video files related to coordination of care and eligibility telephone calls from providers and members were reportedly stolen from a leased office in a Chattanooga strip mall that once housed a BCBS of TN call center. The video files were images from computer screens of customer service representatives and the audio files were recorded phone conversations from Jan. 1, 2007 to Oct. 2, 2009. The files contained customers' personal data and protected health information that was encoded but not encrypted.

So far, notices have been sent to all 238,589 members in the Tier 3 category, who had their name, address, BlueCross member ID number, diagnosis, Social Security number, and/or date of birth included in the stolen hard drives.