WellPoint Inc. has notified 470,000 individual insurance customers that medical records, credit card numbers and other sensitive information may have been exposed in the latest security breach of the health insurer’s records.
The Indianapolis company said the problem stemmed from an online program customers can use to track the progress of their application for coverage. It was fixed in March.
Spokeswoman Cynthia Sanders said an outside vendor had upgraded the insurer’s application tracker last October and told the insurer all security measures were back in place.
But a California customer discovered that she could call up confidential information of other customers by manipulating Web addresses used in the program. Customers use a Web site and password to track their applications.
WellPoint learned about the problem when the customer filed a lawsuit about it against the company in March.
"Within 12 hours of knowing the problem existed, we fixed it," said Sanders, who declined to identify the outside vendor.