More people were impacted by last month's Heatlhcare.gov data breach than previously thought, according to an update from the Centers for Medicare & Medicaid Services (CMS).
The agency reported a final total of 93,689 people whose information was compromised during an Oct. 16 data breach that targeted the Direct Enrollment pathway used by insurance agents and brokers. Initial reports estimated the breach impacted 75,000.
"CMS has reached out to all affected consumers by phone and mailed notification letters to offer free credit protection and additional services to prevent and/or remediate issues arising from unauthorized use of data exposed as a result of the breach, including identity monitoring services, identity theft insurance, and identity restoration services," CMS spokesperson Jonathan Monroe said in a statement.
In a letter (PDF) sent to consumers last week, CMS said it noticed "a number of agent and broker accounts engaged in excessive searching for consumers, and through those searches, had access to the personal information of people who are listed on Marketplace applications." The letter said accessed information included names, dates of birth, address, sex and the last four digits of Social Security numbers.
The breach forced CMS to shut down the Direct Enrollment pathway for a week while investigating the suspicious activity it noticed on the portal. Monroe said the agency has added to security measures to ensure consumer information is safe.
The Office of Inspector General is currently investigating the breach.