Blue Cross issues alert for ID theft

It put Social Security numbers on mailings

Blue Cross and Blue Shield of North Carolina notified more than 600 members this week that their Social Security numbers were inadvertently disclosed, possibly putting them at risk for identity theft.

Blue Cross spokeswoman Rita Simonetta said the mistake affected 629 people who applied for a new health savings account insurance plan sold directly to individuals, Blue Options HSA.

Members' Social Security numbers were included in an 11-digit tracking number that appeared on an exterior mailing label and on a letter inside an information packet recently sent to the new members.

"It wasn't supposed to happen, but it did," Simonetta said. "We're very upset it happened, and we're very sorry."

Blue Cross has made changes to ensure that the error that caused personal information to be exposed does not happen again, officials said.

Blue Cross is the state's largest health insurer, with 3.2 million members. It was required to notify affected members under a state law that took effect Dec. 1. The measure was adopted because of rising concerns about identity theft, which occurs when thieves use a person's personal information to make purchases or obtain credit.

In 2005, U.S. consumers lost nearly $57 billion to identity theft, according to a study released this week by the Council of Better Business Bureaus and Javelin Strategy & Research.

A name and Social Security number give a thief plenty of opportunity to commit fraud, Bruce Cardiff, a research analyst with Javelin, said. Thieves frequently use such information to open credit accounts and make fraudulent purchases.

"Probably in the vast majority of these cases, it's not going to result in any fraud, but it's still a good idea for consumers to be vigilant," Cardiff said.

He recommended that consumers contact one of the three major credit reporting agencies to place an "alert" on their credit information. That causes banks or merchants to contact the person if their credit is checked for the purpose of opening a new account.

Consumers also could freeze their credit reports, which would stop unauthorized attempts to obtain credit.

Stephen Kehoe of Cary, one of the Blue Cross members who was notified of the mailing error, said he never received the information packet with his Social Security number. That made him worry that the mailing might have fallen into someone else's hands.

Kehoe said he called Blue Cross and asked the Chapel Hill-based company to pay for a credit-monitoring service to watch his accounts for unusual activity. The company turned him down, he said.

"The chances are probably not particularly great that [identity theft] will happen, but I think ... [credit monitoring] is the right thing to do," Kehoe said.

In letters to affected members, Blue Cross recommended that they review their credit reports. As required by North Carolina's anti-identity theft law, the company explained how to get free copies.

Last year, to protect members from identity theft, Blue Cross stopped using Social Security numbers as member identification numbers. However, Blue Cross still uses Social Security numbers internally to track some member information, Simonetta said.