NCL warns consumers to beware of phishing attacks in wake of CareFirst Breach, offers tips for spotting and recovering from breach-related fraud – National Consumers League

May 20, 2015

Contact: Carol McKay, NCL, 412-945-3242,

Washington, DC – The National Consumers League (NCL), America’s pioneering consumer advocacy organization, is warning consumers to be on the lookout for phishing attacks in the wake of a data breach at health insurance provider CareFirst affecting 1.1 million consumers. The following statement is attributable to John Breyault, NCL vice president of public policy, telecommunications and fraud: 

“More than a million consumers have been put at heightened risk of fraud due to the data breach at CareFirst. While the breach does not appear to have compromised sensitive information, such as Social Security Numbers, passwords, or medical information, cyber crooks are no doubt busy using the information they did collect to craft convincing-looking phishing emails. These emails, which could include the CareFirst logo and look just like the real thing, may contain links or attachments that install malware or direct consumers to websites designed to steal Social Security Numbers, passwords, and other information that can be used to commit identity theft or other kinds of fraud.

“Once again, we are reminded of the consequences of lax data security at a major health insurance provider. Any investigation of CareFirst’s data security practices should examine what factors enabled this breach to take place and what steps CareFirst and other insurers can take to make their systems more secure. For example, given the known vulnerabilities of the username/password combination and the attractiveness of health care data to cybercriminals, would stronger security techniques like multi-factor authentication have prevented the breach? If the network intrusion was detected in June 2014, as the company has stated, how did the exfiltration of consumer data go unnoticed for nearly a year? Given the spate of data breaches at health insurance providers like Anthem, Primera and now CareFirst, what should Congress, the FTC and other regulators do to ensure that health insurers place a premium of robust data security?”

Tips for CareFirst customers to avoid breach-related fraud

  • CareFirst customers should beware of phishing emails that may seek to trick them in to clicking on suspicious links or attachments. These emails can look very convincing and may reference the CareFirst breach in some way. Clicking on the links or opening an attachment contained in the email can install malware that may be used to obtain additional sensitive personal information such as bank account or credit card numbers, usernames and passwords. CareFirst customers should be aware that the company will contact them via U.S. mail to notify them about further information related to the breach. More information is available from CareFirst at
  • Monitor your credit report and dispute suspicious activity that may occur after inadvertently clicking on a link or opening an attachment in a suspected phishing email. Consumers can download a free copy of their credit report from each of the three major credit-reporting bureaus (Experian, TransUnion and Equifax) at
  • If you suspect identity fraud has occurred, it is important to act quickly. Call one of the three credit reporting bureaus and request an initial fraud alert. This will place alerts on your report at all three credit-reporting bureaus. Once the alert is in place, the credit reporting bureaus will contact you when someone attempts to open credit in your name.
  • If you confirm that you have been a victim of identity fraud, contact the Federal Trade Commission to create and Identity Theft Affidavit. This affidavit can be used to file a police report with your local police department. Together, these two documents form an Identity Theft Report, which is crucial to beginning the process of recovering from identity fraud. More information on spotting, reporting and recovering from identity fraud is available at The FTC also has a useful consumer checklist that includes information and required documentation for creating the Identity Theft Affidavit and police report available online.
  • Do not reply to suspicious emails, as this may lead to additional social engineering attacks. Instead, the safest course of action is to simply delete the email. Consumers can also forward them to the United States Computer Emergency Readiness Team at
  • While the initial reports state that no passwords were compromised in the CareFirst breach, cyber thieves may attempt to test common passwords against accounts associated with your email address, including email services, ecommerce, banking and other accounts. Do not use the same username and password combination across multiple accounts. If stronger security measures such as multi-factor authentication are offered, enable them.


About the National Consumers League

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit