BCBS of Illinois Data Breach Affects 6,903 Members: SSNs Exposed

On February 11, 2025, Blue Cross and Blue Shield of Illinois (BCBSIL) discovered unauthorized activity on its Blue Access for Members portal. This portal is used by members to access their health insurance information online. The investigation revealed that, between November 8, 2024, and March 5, 2025, protected health information (PHI) and personally identifiable information (PII) may have been viewed by an unauthorized individual. In total, 6,903 people in the United States were affected by this breach.

This data includes both PII, such as names, addresses, and dates of birth, and PHI, which covers medical record numbers, service and billing information, and health plan details.

BCBSIL reported this incident to the U.S. Department of Health and Human Services on April 13, 2025. You can view the official disclosure on the U.S. Department of Health and Human Services breach portal.

Blue Cross and Blue Shield of Illinois's response

After discovering the incident, BCBSIL took immediate steps to investigate and address the unauthorized activity on the BAM portal. The company has stated that, at this time, there is no evidence that anyone has accessed or misused the information involved. However, out of an abundance of caution, BCBSIL is offering a complimentary one-year membership to Experian’s® IdentityWorks™ for those who may have been impacted. This service provides identity detection and resolution support.

If you are a BCBSIL member, it is important to regularly review your explanation of benefits (EOB) statements for any unfamiliar services. If you notice anything suspicious, contact BCBSIL using the number on your member ID card. If you do not receive EOBs, you should request statements from your provider or plan after receiving any services. BCBSIL has also provided a toll-free number for additional questions or concerns, and offers TDD/TTY services and language assistance for members who need it.

For those affected, monitoring your accounts and being vigilant about potential identity theft or fraud is recommended given the nature of the information exposed in this breach.

For more details, BCBSIL has also posted a notice for Blue Access for Members data incident on their website.