CareFirst BlueCross BlueShield reported that, on March 12, 2018, an employee within the company took action on a phishing email and, as a result, may have exposed the personal information of 6,800 of the insurer’s members. The employee’s account was used to send spam emails to recipients who are not associated with CareFirst. The unauthorized access of the employee’s email account could have potentially exposed CareFirst member names, identification numbers, and dates of birth. Eight members’ Social Security numbers may have also been exposed. CareFirst is offering two years of free credit monitoring and identity theft protection services to affected members. The NJCCIC recommends affected members take advantage of the free credit monitoring and identity theft protection services offered.