WellPoint says personal information for about 128,000 of its customers in several states was exposed online over the past year.
The Indianapolis health insurance company has had other data security issues in the past. But spokeswoman Shannon Troughton says it recently learned about the new problem, fixed it and is notifying customers. She says the company has not received any reports of identity theft or credit fraud.
Troughton says the latest security lapse stems from two servers maintained by an outside vendor.
She says the data may have included Social Security numbers and pharmacy or medical information, but it had some code protection and couldn't be found by people using search engines.