Cyber Incident Victim: Team Alvarez Insurance Services
Date: Aug 2021
Location: United States of America
Summary
A ransomware attack targeted Team Alvarez Insurance Services, compromising personal and health-related information of 2,858 Blue Shield of California members. Exposed data included names, health insurance details, member IDs, dates of birth, email addresses, phone numbers, and physical addresses, though no Social Security numbers or financial data were accessed. The broker's incident had not resulted in observable dark web leaks or public disclosures by other insurers at the time of reporting, and the specific threat actors remained unidentified. Blue Shield confirmed the breach's impact on its members, but broader implications for additional insurers or clients were unverified pending further communication from the broker.
Description
On August 25, 2021, Team Alvarez Insurance Services, an insurance broker for Blue Shield of California, experienced a ransomware attack that compromised the personal information of 2,858 Blue Shield members. The attack was detected on the same day it occurred, prompting immediate disclosure by Blue Shield of California. Exposed data included member names paired with one or more of the following elements: health insurance information, health plan member ID numbers, dates of birth, email addresses, phone numbers, and physical addresses. Blue Shield confirmed that no Social Security numbers or credit card information were accessed or exfiltrated during the breach. The incident specifically impacted individuals affiliated with Blue Shield, though the total number of affected insurers beyond Blue Shield remained unconfirmed at the time of reporting. Team Alvarez Insurance Services’ role as a broker handling multiple insurers raised questions about broader exposure, but no other insurers had publicly acknowledged involvement by August 26, 2021.

DataBreaches.net contacted Team Alvarez on August 26 to inquire about the total number of impacted insurers and members, the identity of the threat actors, and whether Team Alvarez intended to notify the U.S. Department of Health and Human Services (HHS) on behalf of affected clients. No response had been received by the time of the article’s publication. The ransomware attack had not appeared on any dark web leak sites as of August 26, suggesting data had not yet been publicly distributed or auctioned. Blue Shield’s disclosure did not specify whether ransom demands were made, whether systems were fully restored, or whether third-party forensic investigators were engaged. The lack of additional details from Team Alvarez left critical operational and procedural questions unanswered, including the attack vector, containment measures, and remediation timelines.
