U.S. health insurer CareFirst has admitted it has been hacked, the third such company to fall victim to hackers in recent months. The data breach compromised the records of 1.1 million of its customers.
Yet the breach took place in June last year but was only recently discovered. The lag time between hack and discovery indicates just how compromised many online customer record systems are these days.
The attack is similar to that perpetrated on Blue Cross, which had 11 million customer records stolen, and Anthem, which lost 80 million records.
The database accessed included member names, birth dates, email addresses and identification numbers. It remains to be seen if other records were compromised but given the magnitude of the attack this is likely.
"We deeply regret the concern this attack may cause," CareFirst chief executive Chet Burrell said.
"We are making sure those affected understand the extent of the attack - and what information was and was not affected."
CareFirst operates in Maryland, Virginia and the District of Columbia and has 3.4 million customers.
Investigators looking into the breach said it resembled earlier attacks from China, the lead global sponsor of hacking into civilian computer systems.