Anthem, America’s second largest health insurer, has lost millions of customer records to hackers.
The attackers stole names, addresses, birthdays and social security numbers of customers from every one of Anthem’s business units.
So far, Anthem has not said how many records were lost or how many people have been affected.
However, security experts believe personal details about tens of millions of people could have gone missing.
Anthem is known to have about 37 million customers using its health plans. A further 32 million people are linked to it through its affiliates.
In a statement, Anthem said it had closed the security vulnerability that had been exploited by attackers as soon as it had learned of it.
The attack had also been reported to the FBI.
Security company FireEye has been hired to help investigate how the attack unfolded.
Anthem said no credit card or bank account details had been taken or any medical information disclosed.
It did not say when the attack had been or how long hackers had had access to its systems.
It has set up a website, called Anthem Facts, to advise customers about the breach and the action it is taking.
Anthem president Joseph Swedish issued an apology and said the company would notify everyone affected.
In addition, the website said, it would offer credit monitoring and ID protection services to customers in case the cyber-thieves tried to profit from the stolen information.
Medical and health companies were warned last year by the FBI about hackers targeting their industry.
That warning followed an attack on the Community Health Systems hospital group, in which millions of records were lost to hackers.
Many other companies outside the medical field in the US, including Sony, Home Depot, Target and Niemann Marcus, have also recently suffered data breaches and losses.