Keller Rohrback is investigating recent reports that Excellus BlueCross BlueShield has discovered a major data breach in its systems which affects over 10 million of its subscribers, most of whom reside in upstate New York.

Members of other BlueCross BlueShield plans who sought treatment at one of Excellus’ service area may also have been affected. Subscribers of the following other affiliates may also have been affected: Lifetime Benefit Solutions, Lifetime Care, Lifetime Health Medical Group, The MedAmerica Companies and Univera Healthcare.

The intrusion into the Excellus systems began nearly two years ago, with hackers apparently first accessing the systems on December 23, 2013. Excellus discovered the hack only a month ago, on August 5.

The company’s President and CEO has confirmed that attackers may have gained unauthorized access to individuals’ information, which could include name, date of birth, Social Security number, mailing address, telephone number, member identification number, financial account information and claims information.

These types of critically important information are used to commit fraud or identity theft.

"Given the highly confidential and personal nature of medical information, health care consumers have a right to expect that their information will be kept safe from criminals who can use this data to commit identity theft and fraud," said Cari Laufenberg, a member of Keller Rohrback’s nationally recognized complex litigation group.

As many as 10 million of Excellus clients nationwide may have been exposed in an attack dating back to 2013.

Keller Rohrback is a leader in representing consumer and employee victims of data breaches.

Keller Rohrback has a long track record of success with data breach litigation, including the Ninth Circuit case Krottner v. Starbucks where the court held that the theft of a laptop containing employees’ personally identifiable information sufficed to confer Article III standing on plaintiffs.