Details are coming to light of a major data security breach at Anthem Inc, the second largest medical provider in the US.
These attacks are nothing new, of course, but two things stand out about this one. Firstly, the scale of this attack is massive – up to 65 million Americans could have had their information stolen. This by itself is a major issue.
The other fact that makes this breach stand out is that unlike most generic compromises, the breadth of data that may have been taken is unprecedented. Most standard hacks may result in the capture of debit and credit cards details, and perhaps names, addresses and contact numbers.
Anthem’s breach will may not only give the thieves names, addresses and card details, but they could also get next of kin, bank account numbers, places of employment, job title and similar information. Of course, medical providers hold much more information than most companies because of the nature of what they do.
A skilled identity thief could use this information to take out lines of credit on new cards, and the fraud won’t be noticed for several weeks, meanwhile existing credit and debit cards won’t be seen as compromised.
Details of how the compromise occurred are not yet available, but this will have a profound effect on both Anthem and it’s users. The one crumb of comfort is that the compromise only seemed to affect billing systems, leaving patients’ medical data unaffected.
Those who are concerned that they may have had their information compromised, or wish to find out more, can do so by visiting the page set up by Anthem to deal with enquiries. Anthem have also said that anyone affected will be given access to a standard one year credit monitoring service.
Anthem has also engaged security specialists to help clean up the situation, and the FBI is involved in trying to determine who took the data. However, any self-respecting identity thief will be long gone. The identity of the miscreants may well never be known.
Update, 2/6/15, 3:10pm PST: Less than 24 hours after news of the Anthem cyber theft broke, affected subscribers may have a new worry. They are being targeted by cyber crooks looking to capture Anthem customers’ details for yet more fraudulent activity. Such after-the-breach cyber theft is not uncommon.
The email in circulation, while not particularly complex, does exhibit some of the traits of spam email, including big calls to enter details to get credit protection.