The mistake affected patients who had applied for a new health savings account insurance plan, said Gayle Tuttle, a spokeswoman for the Chapel Hill-based insurer. Tuttle said the mailing label on a welcome letter that was sent out to 629 people contained a tracking number with 11 digits, nine of which were the members' Social Security numbers.

As part of a broader bid to enhance data privacy, Blue Cross has been using new subscriber numbers instead of Social Security numbers to identify patients, Tuttle said. Even so, there is still a "linking" that goes on internally between the subscriber IDs and Social Security numbers, and that may have contributed to the error, she said.

The problem was discovered on Jan. 30, and two days later, letters were sent to the affected individuals informing them of the security breach. "We are taking this very seriously," Tuttle said. "But this affects only a very tiny percentage of our members."

In the wake of the incident, Blue Cross is looking at its internal processes to see how such mistakes can be avoided in the future, Tuttle said without elaborating.

The breach at Blue Cross is similar to one involving The Boston Globe two weeks ago and another case involving tax preparer H&R Block Inc. in Kansas City, Mo.