NASCO Data Breach Investigation

Turke & Strauss LLP, a leading data breach law firm, is investigating NASCO regarding its recent data breach. The NASCO data breach involved sensitive personal identifiable information belonging to over 3,600 individuals.


NASCO, a wholly-owned independent subsidiary of Blue Cross Blue Shield of Michigan, is a provider of healthcare technology solutions. Founded in 1987, NASCO offers software solutions and technology to health plans to help automate and streamline their processes both internally and for their customers. Included in NASCO’s product offers are the NCompassSM, which consolidates member information, and AI.meSM, an AI tool to help give personalized recommendations to members. For more than 30 years, NASCO has exclusively served Blue Cross and Blue Shield Plans. Headquartered in Atlanta, Georgia, NASCO has an additional office location in Pennsylvania and employs over 500 individuals.


On July 12, 2023, NASCO discovered that it had experienced a data breach in which the sensitive personal identifiable information in its systems may have been accessed and acquired. Through its investigation, NASCO determined that an unauthorized actor may have accessed this sensitive information through a vulnerability in the MOVEit file sharing platform used by NASCO on May 30, 2023. On October 20, 2023, NASCO began contacting individuals whose information may have been impacted. The type of information exposed includes:

  • Name 
  • Social Security number

If you received a breach notification letter from NASCO:

We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at (608) 237-1775 or

If you were impacted by the NASCO data breach, you may consider taking the following steps to protect your personal information.

  1. Carefully review the breach notice and retain a copy;
  2. Enroll in any free credit monitoring services provided by NASCO;
  3. Change passwords and security questions for online accounts;
  4. Regularly review account statements for signs of fraud or unauthorized activity;
  5. Monitor credit reports for signs of identity theft; and
  6. Contact a credit bureau(s) to request a temporary fraud alert.

Share This Post: