Particle.news

Download on the App Store

Blue Shield of California Discloses Data Breach Affecting 4.7 Million Members

Sensitive health and personal information was improperly shared with Google Ads due to a misconfigured analytics tool, raising privacy and compliance concerns.

LOS ANGELES, CA - MARCH 31: General view of an advertisement billboard for Blue Shield of California during a regular season game between the Arizona Diamondbacks and Los Angeles Dodgers on March 31, 2023, at Dodger Stadium in Los Angeles, CA. (Photo by Brandon Sloter/Icon Sportswire via Getty Images)
Image
Image
Image

Overview

  • Between April 2021 and January 2024, a misconfigured Google Analytics tool on Blue Shield's websites shared protected health information with Google Ads.
  • The breach affected 4.7 million members, exposing data such as insurance details, medical claim dates, provider information, and demographic data.
  • Blue Shield discovered the issue in February 2025 and notified affected members and regulators in April 2025, confirming no malicious intrusion occurred.
  • It remains unclear whether Google deleted the data or complied with removal requests; both companies have declined to comment on the matter.
  • Blue Shield has not provided identity theft protection to members, instead advising them to monitor financial and credit activity for suspicious behavior.