The membership-based health insurer said two computer servers on which the records were stored were maintained by a third-party vendor and were not properly secured, according to a statement from the Indianapolis-based health insurer. The snafu affected approximately 130,000 customers, according to WellPoint.

WellPoint said that it has notified all possibly affected members and has offered free credit monitoring and customer service support. The insurer said both servers were “not properly secured” in 2007.

WellPoint said both servers are now secured and that it is conducting an internal investigation to find out the cause of the problem.

“We have taken the appropriate steps to secure the data and will continue to work with all vendors to reduce the risk of future incidents,” WellPoint said in a statement. “We are notifying all members who could have been affected by this incident, as well as regulatory officials.”

Filed by Jeff Casale of Business Insurance, a sister publication of Workforce Management. To comment, e-mail editors@workforce.com.