On November 17, 2023, California Physicians' Service dba Blue Shield of California (“Blue California”) filed a notice of data breach with the Attorney General of Montana. In this notice, Blue California explains that one of the company’s vendors, Medical Eye Services, Inc. (“MESVision”), experienced a MOVEit-related data breach resulting in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, Blue California began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a letter from Blue Shield of California discussing a vendor data breach, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Blue California vendor data breach. For more information, please see our recent piece on the topic here.
What Caused the Data Breach Affecting Blue California Customers?
The Blue California vendor data breach was only recently announced, and more information is expected in the near future. However, Blue California’s filing with the Attorney General of Montana provides some important information on what led up to the breach. According to this source, on August 23, 2023, MESVision, a third-party vendor of Blue California, learned that an unauthorized party had accessed information belonging to Blue Shield of California customers. MESVision manages vision benefits for many Blue Shield members, which is how the company came to possess Blue California customer data.
In response, MESVision took its MOVEit server offline, reported the incident to the FBI, and then launched an investigation with the help of outside cybersecurity specialists. The MESVision investigation ultimately confirmed that an unauthorized third party removed information from the company’s MOVEit server on May 28, 2023, and May 31, 2023.
After learning that sensitive consumer data was accessible to an unauthorized party, MESVision reviewed the compromised files to determine what information was leaked and which consumers were impacted. Then, on September 1, 2023, MESVision notified Blue Shield of California of the data security incident.
On November 17, 2023, Blue California sent out data breach letters to anyone who was affected by the recent data security incident. While the publicly available Blue California data breach letter does not mention the specific data types that were compromised, the company’s data breach letters are addressed to individual victims and will provide victims with a list of what information belonging to them was affected.
Note that no computer system belonging to Blue Shield of California was impacted by the recent incident. All leaked information was stored on MESVision’s MOVEit server.
More Information About Blue Shield of California
Founded in 1939, Blue Shield of California is an insurance company and an independent member of the Blue Shield Association, headquartered in Oakland, California. Originally called California Physicians' Service, Blue California serves 4.5 million members and more than 65,000 physicians throughout California. Blue California employs more than 7,800 people and generates approximately $23 billion in annual revenue.
