Share story

BALTIMORE (AP) — Maryland’s largest health insurer says a phishing attack may have exposed the personal information of nearly 7,000 members.

News outlets report CareFirst BlueCross BlueShield said Friday that an employee’s email account was compromised March 12, and could have allowed access to the named, identification numbers and birthdates of up to 6,800 members. The insurer says that while social security numbers could have been taken in eight cases, no medical or financial information was compromised.

CareFirst says there’s no evidence the stolen information has been used, but it’s offering free credit monitoring and identity theft protection to those affected for two years.