Blue Cross and Blue Shield of Illinois Hit with Class Action Over TTEC Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

Blue Cross and Blue Shield of Illinois (BCBSIL) faces a proposed class action over a data breach that reportedly occurred between September 19, 2022 and May 18, 2023.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

According to the 39-page case, BCBSIL learned in mid-June 2023 that private information belonging to current and former health insurance policyholders had been disclosed to an unauthorized third party. The insurer’s online notice of the incident, posted on September 5 of this year, specifies that this data was exposed during a call handled by its vendor, TTEC, and was a result of “TTEC employees delegating their calls to non-TTEC individuals.”

The complaint alleges that the data breach was a “foreseeable” result of BCBSIL’s failure to take the necessary precautions required to safeguard policyholders’ information from unauthorized disclosure. More specifically, the lawsuit claims the defendant failed to properly train its employees on cybersecurity protocols or implement industry-standard data security measures.

Information allegedly compromised in the BCBSIL data breach includes consumers’ names, dates of birth, group numbers, subscriber numbers, addresses, phone numbers, claim numbers, medical services information and Social Security numbers, the filing says.

Per the filing, BCBSIL’s alleged cybersecurity failures represent a “flagrant” and “conscious” disregard of the rights of class members, who now face a “lifetime” risk of identity theft, financial fraud and other criminal misuse of their sensitive data.

Moreover, affected individuals have been prevented from taking appropriate protective measures against these risks—such as obtaining identity theft protection services or initiating credit freezes—due to the defendant’s “unreasonably delayed” disclosure of the incident, the suit contends.

The complaint says the plaintiff, a California resident, had no idea her personal information had been compromised until BCBSIL issued a “vague” data breach notice on September 5, 2023, nearly a full year after the security event was said to have commenced. 

The lawsuit seeks to cover anyone whose personally identifying information was compromised as a result of the data breach experienced by BCBSIL beginning on or about September 19, 2022, including anyone who received notice of the incident.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.