Independence Blue Cross on Friday disclosed a data breach affecting 12,500 of its more than 2.5 million members.
Unlike most high-profile cases of personal data loss, such as the one at Target stores last year affecting 70 million people, the IBC case did not involve computers.
The incident happened in October, when maintenance workers threw out four boxes of member records that were supposed to be moved from one floor to another at IBC's offices, the company said Friday in a legal notice.
The improperly discarded reports contained the names, addresses, member identification numbers, health care plans, and group numbers for members in Southeastern Pennsylvania and in New Jersey, where IBC operates AmeriHealth New Jersey.
IBC, which is based in Center City, said it had received no reports that the information was misused. As a precaution, however, IBC is offering one year of free credit monitoring to 8,800 members whose Social Security numbers were included in the reports, spokeswoman Liz Williams said in a statement. "To reduce the risk of another such incident, we no longer allow our maintenance team to dispose of full boxes in the trash," Williams said.
IBC's data loss followed July's theft of an unencrypted computer containing personal information on 3,780 patients from Temple University Health System during a break-in.