WellPoint Customer May Have Used Data Breaches to Support Lawsuit

June 30, 2010 (PLANSPONSOR.com) - WellPoint Inc. has notified 470,000 individual insurance customers that medical records, credit card numbers, and other sensitive information may have been exposed in a security breach of its records.

The Associated Press reports that the Indianapolis company said the problem stemmed from an online program customers can use to track the progress of their application for coverage that was upgraded by an outside vendor. After the upgrade, a California customer discovered she could call up confidential information of other customers by manipulating Web addresses used in the program.   

WellPoint learned about the problem when the customer filed a lawsuit about it against the company in March. According to Business Insurance WellPoint alleged in a statement that the “vast majority” of the site manipulation and unauthorized access “occurred at the hands of certain attorneys representing an applicant,” and said it believes the manipulation “was conducted to support a class action against Anthem Blue Cross and/or its parent company—over the very breach being committed.”   

A company spokesperson said the company fixed the issue within 12 hours of knowing the problem existed, according to the AP.  

The insurer notified all individual insurance customers who had information in its application tracking program from October through March. It will provide a year of free credit monitoring.