In today's Baltimore Sun, CSEE's Rick Forno offers some early thoughts on yesterday's announced data breach at CareFirst, which affects 1.1 million insurance customers.

According to company officials, attackers gained access to names, birth dates, email addresses and insurance identification numbers. However, the database did not include Social Security or credit card numbers, passwords or medical information.

The information also could be sold on what is known as the dark web, parts of the Internet that cannot be found by search engines, and combined with other data, said Richard Forno, director of the University of Maryland, Baltimore County's graduate cybersecurity program.

"The information they got may or may not be useful directly, but it could help a bad guy get more clues about a person's identity," he said. "That could be useful to an adversary."

In many cases, data breaches can be larger than originally apparent, Forno added.

"As time goes on and the investigation continues, you never know if you'll find other leads that may change your initial assumptions," he said.