Security Advisor

Millions of Anthem Customers' Data Stolen in Breach

The company said that information including, names, birthdays, addresses and Social Security numbers were taken.

In what looks to be the largest corporate security breach of 2015, health insurer Anthem alerted customers that its system had been compromised and information, including names, addresses, birthdays and Social Security numbers of millions of its customers, has been stolen.

The company said it is still investigating the incident, which is believed to have taken place sometime last week. Anthem sent an e-mail to those who may be affected, alerting them to the situation and the steps the company will take in the coming days.

"Anthem will individually notify current and former members whose information has been accessed,"" wrote Anthem CEO Joseph Swedish in the e-mail. "We will provide credit monitoring and identity protection free of charge so that those who have been affected can have piece of mind."

According to a statement posted on its Web site, once discovering the breach had occurred, Anthem took steps to close the vulnerability and alerted the FBI to the situation. It also has employed security firm Mandent -- a branch of FireEye that specializes in network analysis of breached systems -- for further investigation.

While the full scope of the information that the unknown hackers is still being looked into, Anthem said it does not believe any financial records, including payment information, and medical records were accessed. Also unknown is the number of customers' data stolen. The breach occurred in a database that held the data of 80 million customers.

However, with the information stolen, financial harm could easily occur. Dwayne Melancon, CTO of security firm Tripwire, recommends customers take immediate action to safeguard their personal finances. "Individuals who are affected, or potentially affected, should freeze their credit reports immediately with the three major credit bureaus -- Equifax, Transunion and Experian -- to reduce the risk that anyone can open new lines of credit in their names," said Melancon. "This is also a good reminder that you shouldn't use any of your personally identifiable information as answers to your 'secret questions' to validate your identity online."

Even though this doesn't appear to be the largest high-profile corporate breach in recent years (Target's data breach compromised 40 million customer data and Home Depot's exposed data of 56 million customers), it does look to be the largest incident of this year and should be used as a reminder to companies that customer data security should be a top priority, said Richard Blech, CEO of  Calif.-based Secure Channels, which specializes in encryption technology.

"As the sophistication and capabilities of today's hackers continues to advance, so should the level of encryption that would be required to thwart those capabilities," said Blech. The only technological advancement being acknowledged is the hackers. Security has to grow faster than the rate of a hackers' expertise for everyone's safety. Protect your data with certainty by enveloping it with impenetrable encryption, which leaves the thief with only useless bits and bytes."

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.


comments powered by Disqus

Subscribe on YouTube