SCHUMER URGES CONGRESS TO BRING THE CYBERSECURITY BILL TO THE FLOOR & HIGHLIGHTS THE NEED FOR UNIVERSAL DATA BREACH NOTIFICATION STANDARDS, IN WAKE OF EXCELLUS BLUECROSS BLUE SHIELD CYBERATTACK; SENATOR SAYS WITH THE HEALTH & FINANCIAL INFORMATION OF APPROXIMATELY 10 MILLION PEOPLE EXPOSED, MORE PROTECTIONS NEED TO BE IN PLACE

SCHUMER URGES CONGRESS TO BRING THE CYBERSECURITY BILL TO THE FLOOR & HIGHLIGHTS THE NEED FOR UNIVERSAL DATA BREACH NOTIFICATION STANDARDS, IN WAKE OF EXCELLUS BLUECROSS BLUE SHIELD CYBERATTACK; SENATOR SAYS WITH THE HEALTH & FINANCIAL INFORMATION OF APPROXIMATELY 10 MILLION PEOPLE EXPOSED, MORE PROTECTIONS NEED TO BE IN PLACE

Schumer Urges Colleagues To Bring Cyber Security Bill To The Floor; Congress Should Further Strengthen Cyber Protections that Prioritize Notifying Victims Of Data Breaches

U.S. Senator Charles E. Schumer recently urged Congress to bring the cybersecurity bill to the floor and to prioritize the need for universal data breach notification standards. Schumer’s push comes after reports that Excellus BlueCross BlueShield, a Rochester-based health insurance provider, announced it discovered last month that it experienced a data breach in December 2013 that compromised the personal information of approximately 10 million people.

“Excellus BlueCross BlueShield now joins a long list of companies that have been the victim of a cyberattack, including Target, JP Morgan, SONY, and countless others. The fact that this data breach was not discovered for 19 months just goes to show how sophisticated online hackers are and how much work we have to do when it comes to protecting our personal information,” said Schumer. “So I am urging my colleagues in Congress to strengthen consumer cyber protections and require companies to notify their customers if there has been a breach of their personal information in a timely matter so they can take action to ensure they are not the victim of identity theft. In addition, we need intelligence and law enforcement agencies to work together to share information of potential cyber threats to prevent another attack. When it comes to the personal information of New Yorkers – be it their Social Security number, their health records, or financial information – we can never be too safe.”

Earlier this month, Excellus BlueCross BlueShield hired cyber security experts to determine the strength of their online network’s security. It was then that the experts revealed Excellus BlueCross BlueShield had been hacked in December, 2013 prompting Exellus to immediately reported the attack to FBI officials. Although it is not yet known whether the customers’ personal information was used inappropriately by hackers, Schumer said the mere possibility that health records and personal information was left out in the open months is evidence more protections are needed.

Schumer said strengthening cyber protections is necessary, especially with the proliferation of companies using online servers to house sensitive customer data such as financial records, health information, and Social Security numbers. Today online networks are used by power utility companies, banks and telecommunication companies, hospitals, insurance companies and more protect a considerably high amount of our personal information, the spate of cyberattacks in recent years is particularly alarming. Last year alone, one third of New York residents fell victim to a data breach of some sort.

Schumer said if the reports of Excellus BlueCross BlueShield are verified and the personal information of 10 million customers is exposed, it will be one of the largest widespread cyber breaches in recent memory. Since Excellus BlueCross BlueShield is an insurance provider, they have a comprehensive set of consumer data including Social Security records, health and financial records and contact information. Schumer said acquiring just a piece of someone’s records could lead to serious identity theft.

Schumer has long advocated for increased cyber security. In July of this year, he urged the Commerce Department to rewrite a proposed rule that would limit private companies from using software to test the strength of their networks. Schumer said preventing companies from testing their networks would leave them exposed to a potential attack. At Schumer’s urging, the Commerce Department announced they would rewrite the rule in consultation with cyber security experts to ensure companies would be able to use software to test the security of their networks.

###