Health insurer Anthem says hackers infiltrated its computer network and accessed a swathe of personal information about current and former customers including their incomes and street addresses.
In a statement, Anthem President and CEO Joseph R. Swedish called the cyberattack "very sophisticated."
The company said credit card information wasn't compromised and so far it has not found evidence that medical information such as insurance claims and test results was targeted or obtained.
Stolen information did include customers' names, birth dates, social security numbers, street addresses, email addresses and employment details including income.
"Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation. Anthem has also retained Mandiant, one of the world's leading cybersecurity firms, to evaluate our systems and identify solutions based on the evolving landscape."
A website was set up to provide information to customers who may have been affected. The company said in a tweet it was contacting members by mail and offering free credit monitoring.
"Anthem's own associates' personal information - including my own - was accessed during this security breach," Swedish said. "We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data."