Last week health insurance company Premera Blue Cross admitted it was hacked on May 5, 2014. This gave hackers access to the personal records of as many as 11 million of the company’s customers.
Now, documents indicate Premera was given a warning of what was to come weeks before, Fox Business reports.
The federal government reportedly warned the health insurer about its cybersecurity weaknesses on April 17, 2014. According to Fox Business, the Office of Personnel Management performed an audit of the company’s security program as Premera handles the records of federal workers. The investigation made clear that its digital practices were simply not up to snuff.
Specifically, OPM’s auditors warned that several servers contained “insecure configurations” that could let hackers in the door. “Several servers contained insecure configurations that could allow hackers or unprivileged users to insert code that would result in privilege escalation,” the report said. “The escalated privileges could grant the hackers unauthorised access to sensitive and proprietary information.”
Hackers, it seems, discovered these exact vulnerabilities and pounced. They were able to access customer data — which included names, dates of birth, SS numbers, bank accounts information — that dated back as far as 2002. In total, the data represented 11 million of Premera’s current and past customers.
In the wake of this scandal, five class-action lawsuits have been filed, as well as numerous probes from state and federal government officials.
Business Insider reached out to Premera for comment and we will update the post if we hear back.