A US health insurer has admitted it has been hacked and the data of 1.1 million of its customers exposed.
CareFirst, which operates in several US states, is the third such company to fall victim to hackers.
The breach took place in June last year but was only recently discovered.
It follows similar attacks at Blue Cross, which had 11 million customer records stolen, and Anthem, which lost 80 million records.
The CareFirst database accessed included member names, birth dates, email addresses and identification numbers.
It did not include social security numbers, medical claims, employment , credit card or financial information, the company said.
"We deeply regret the concern this attack may cause," CareFirst chief executive Chet Burrell said.
"We are making sure those affected understand the extent of the attack - and what information was and was not affected."
CareFirst has 3.4 million customers and operates in Maryland, Virginia and the District of Columbia.
In February, Anthem - America's second largest health insurer - revealed that it had been the victim of a "very sophisticated external cyber-attack" in which data of millions of its customers had been stolen.
Investigators looking into the breach told US newspapers the methods used in it resembled earlier attacks blamed on China, an accusation denied by the Chinese authorities.