A health insurance provider owes Idaho more than a quarter-million dollars. Here’s why.

Premera Blue Cross, the largest health insurance company in the Pacific Northwest, must pay $10 million to 30 different states, including Idaho, over security breaches that occurred in 2014-15 due to “failure to secure sensitive consumer data,” according to a press release from Idaho Attorney General Lawrence Wasden.

Idaho had more than 270,000 customers affected and will receive $240,000 in the settlement, which will go into Idaho’s Consumer Protection Fund. Overall, 10.4 million people were affected by the breaches.

According to the press release, between May 2014 and March 2015, “cybersecurity vulnerabilities” allowed a hacker access to sensitive information, including Social Security numbers, addresses and bank account information.

“Despite repeated warnings about shortcomings in their systems, the company did not take the necessary steps to resolve those issues,” Wasden said in a statement. “As a result, sensitive information was compromised. This settlement forces the company to take responsibility for sitting on its hands and ensures this won’t be the case again.”

In addition to paying the settlement, Premera Blue Cross must also hire a chief security information officer and take measures to improve its overall security.

Related stories from Idaho Statesman