The drives, which contained more than 1.3 million audio files of recorded conversations between customer-service representatives and customers, were encoded, but not encrypted. To make matters worse, the drives also included 300,000 video files that show the images on customer-service reps' computer screens, with information like Social Security numbers, birth dates, addresses and medical information.
Most of the estimated 220,000 to 500,000 members affected by the breach are Tennessee residents. BlueCross BlueShield spokeswoman Mary Thompson says:
There is minimal risk to members' data being accessed due to the specialized nature of the hardware stolen and the difficulties associated with accessing.
Still, the company is offering one year of free credit-monitoring services.