Blue Shield has been hacked. What to do if your information was part of the breach

Blue Shield of California's corporate headquarters in Oakland.
Blue Shield of California’s corporate headquarters in Oakland. An unknown number of Blue Shield members may have had their information compromised in a security breach.
(Getty Images)

Some Blue Shield of California members were recently notified that their personal data may have been compromised by a global cybersecurity breach this spring.

A third-party vendor that provides vision benefits for many of Blue Shield’s customers was one of “thousands of companies and governmental agencies” that were swept up in a global data security breach earlier this year that impacted more than 60 million individuals worldwide, said Mark Seelig, a spokesperson for Blue Shield.

Blue Shield of California members may have had their personal data, including Social Security numbers, stolen during a cybersecurity breach this spring.

Dec. 1, 2023

“Blue Shield took immediate steps to safeguard its network and at this time there is no indication that our systems have been infiltrated or that any data on our systems was inappropriately accessed, used or disclosed,” Seelig said.

The insurance provider did identify “potentially impacted” individuals, who were notified in mid November about their compromised data.

The notification included access to one year of free credit monitoring and the contact for a dedicated customer care center where live agents can assist them.


Members who have questions can call (866) 983-2632, Monday through Friday from 8 a.m. to 7 p.m. Central time, excluding major holidays.

Here are some steps you can take to secure your personal information and minimize the risk of identify theft.

A stolen wallet precipitates a reporter’s years-long fight against identity thieves — and a system that doesn’t care and won’t help.

Oct. 26, 2022

How to protect your personal information now

Review credit reports. The Federal Trade Commission recommends that you review your credit reports and account statements. You can obtain a copy of your credit reports every 12 months from Equifax, Experian and TransUnion, by visiting or calling (877) 322-8228.

When you receive your report, look for credit inquiries that you didn’t initiate or do not recognize as well as inaccurate information such as an incorrect home address or Social Security number.

When reviewing your report, if you see something you don’t understand, call the credit reporting agency at the telephone number on the report.

If you detect any suspicious activity on an account, you should promptly notify the financial institution or the company that maintains the account. You should also report any fraudulent activity or any suspected incidents of identity theft to law enforcement.

Sign up for bank alerts. Most major banks and credit unions offer text or email alerts for big-ticket purchases or when someone tries to open a new bank or credit account in your name.

Update passwords. Bank, email and other sensitive accounts should have unique passwords. If you use the same password for all your online accounts, the accounts are vulnerable.

You can set up a two-factor authentication when available. The option is available on Gmail, for example, and let’s you verify who you are typically by text or an app.

Establish a security freeze. A security freeze prevents new lines of credit from being opened in your name without the use of a personal identification number that is issued when you initiated the freeze.

In order to place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you, including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card and a recent utility bill, bank statement or telephone bill.

The only downside to a security freeze is that it may delay your ability to obtain credit.

Set up fraud alerts. If you were alerted to possibly being a fraud victim, you can set up a fraud alert. You can establish one with Equifax or any of the three major credit reporting agencies, and it prompts lenders to take extra steps to verify your identity before granting new credit. An initial fraud alert is free and will stay on your credit file for at least 90 days.

If you are the victim of fraud or identity theft, you should file a police report and provide police with copies of your credit reports, any relevant correspondence and copies of disputed bills.

For your records, keep a log of your conversations with creditors, law enforcement officials, and other relevant parties.


If you’re a victim of identity thieves or a data hack, you need to act quickly. Here’s what to do to protect yourself.

Oct. 26, 2022