On March 20, 2017, Humana became aware of an increase in sign-in errors to Humana.com and Go365.com. These were the result of numerous automated attempts to sign in to Humana.com and/or Go365.com. Humana blocked the Internet Protocol (IP) addresses involved on the same day.
Subsequent attempts were made from March 22 to March 25. Humana responded by forcing password resets, deploying new alerts for successful and failed sign-ins and locked accounts, and deploying a series of technical controls to enhance web portal security.
Based on the facts, Humana determined an identity spoofing event had taken place. Identity spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal, such as use of stolen/spoofed authentication credentials to impersonate a user. Personal financial information and Social Security Numbers are not contained on these sites and were not disclosed. The information that may have been disclosed includes:
- Medical, dental and vision claims
- Spending account information
- Biometric screening information
If members who receive notification letters have any questions, they should contact Humana Customer Care at 1-866-4ASSIST (1-866-427-7478). If members have a speech or hearing impairment and use a TTY, they may call 1-800-833-3301.
Humana is deeply committed to protecting personal information and keeping it secure. We regularly update and enhance security systems to ensure private information is kept secure, taking every prudent step to employ the latest cyber-defense tools and technologies.
Since the perpetrators had in their possession valid sign-in credentials obtained from an unknown source, we encourage members to vary their Humana member sign-in ID and password across all web and mobile application accounts.