Blue Cross and Blue Shield of Illinois Reports Data Breach Exposed Health and Contact Information for Months

• Leading health insurance company Blue Cross and Blue Shield confirmed suffering a hacking incident
• Unauthorized access was found between November 2024 and March 2025
• The company discovered the breach in February and is notifying the affected 6,903 members

The health insurance company Blue Cross and Blue Shield of Illinois (BCBSIL) suffered a data breach. The company serving health plans to over 8.9 million members in 102 counties is speculated to have been compromised for months between November 8, 2024 and March 5, 2025.

The data of 6,903 members is speculated to have been impacted by unauthorized access. The disclosure pertaining to the Blue Cross and Blue Shield of Illinois data breach read that the company became aware of the security incident on February 11, 2025.

Suspicious activities were traced to BAM, the portal system that allows individuals to check their membership details.

It is worth noting that the hackers continued accessing the company’s data until March this year despite the discovery of the breach in February.

Protected Health Information (PHI) of members is expected to have been accessed to the hackers. However, BCBSIL found no evidence of misuse of the leaked database on the investigations.

Besides PHI, the presently unidentified threat actors gained access to name, address, date of birth, telephone numbers, email addresses, and fax numbers. Moreover, they found their way to health plan beneficiary number, medical record number, account numbers, billing data, and dental service information.

Based on the type of data hacked by threat actors, members were urged to report any notification about new service or transactions to the insurance provider for possible scam.

The BCBSIL hacking was reported to the U.S. Department of Health and Human Services on April 13, 2025.