BCBS of Michigan experiences ID theft impacting 5,500 members

Blue Cross Blue Shield of Michigan (BCBSM) learned of a large-scale identify theft scheme back in 2012, but the recent filing of indictments means the organization is only now authorized by law enforcement to announce the breach of protected health information and notify 5,514 members.

The U.S. Attorney Office for the Eastern District of Michigan indicted 11 individuals on multiple counts of identity theft. BCBSM employee Angela Patton printed screen shots of subscribers’ profiles, according to U.S. Attorney Barbara L. McQuade, which were then distributed to her co-conspirators to apply for credit in other peoples’ names and purchase merchandise across the nation, according to a release frm McQuade's office.

In addition to those indicted in Michigan, co-conspirators also were arrested in Ohio and Texas in possession of screen shots from Patton’s BCBSM work computer, according to a statement from McQuade. Home searches in Michigan turned up personally identifiable information on thousands of subscribers, along with counterfeit and re-encoded credit cards and gift cards. The information included individuals’ names, dates of birth and Social Security numbers. The indictment alleges that three of the co-conspirators who used counterfeit credit cards at different major stores and warehouses fraudulently obtained more than $742,000 worth of merchandise from Sam’s Club alone.

The Southeast Michigan Financial and Cyber Crimes Task Force, U.S. Secret Service, Department of Homeland Security, U.S. Postal Inspection Service, and IRS Criminal Investigations unit, along with five metro Detroit police departments, participated in the investigation.

“We have taken a number of deliberate steps to further secure our members’ personal information,” said BCBSM CEO Kevin Klobucar in a statement, “including limiting access to members’ Social Security numbers, requiring all employees to change their passwords and installing new printing devices that require employees to scan their coded badges to print.”

The members, covered under BCBSM or Blue Care Network, are being offered a two-year comprehensive suite of protective services from AllClear ID that includes identity repair assistance, credit monitoring and a $1 million identity theft insurance policy.