Yesterday CareFirst BlueCross BlueShield announced that 1.1 million consumer accounts were breached in a cyber attack last year. Hackers made off with consumer's names, dates of birth, email addresses, and insurance numbers. The breach of this information does not pose an immediate risk of financial harm to consumers, but does place consumers at risk of "phishing" attempts where criminals utilize their existing knowledge of consumer data to convince consumers to share additional information.
This is the third major breach by U.S. health insurer's this year, and demonstrates the need for much stronger data security policies by entities that collect, store, sell and transfer huge amounts of consumers' personal information on a daily basis.
Illinois is poised to pass legislation that would take significant steps to limit future data breaches and protect more private consumer information. Senate Bill 1833, sponsoered by Senator Dan Biss and Representative Ann WIlliams, has passed through the state Senate and House committe. We expect a full house vote within the next day. The bill is a major legislative priority for Attorney General Lisa Madigan and Illinois PIRG, and also has the support of other consumer organizations includeing Citizen Action, the Woodstock Institute, and Heartland Alliance.
The bill requires entities that collect and store personal consumer data to adopt "reasonable security measures" to protect that data. It also expands the definitition of private information to include things such as geoloaction data and consumer marketing data.
You can help us push this important bill over the finish line by emailing your representative now urging them to support SB1833.
Illinois PIRG also has some tips in the event of a breach which you can read here.