Anthem Hacked: 80 million customers

[sheehs1]

Quote:

Originally Posted by mpeirce I got an email this morning (sent 12:10 AM EST).

I did too. I wasn't going to wait weeks to be contacted. Just knowing how extensive the hack was and the data fields they got was enough for me.

[eytonxav]

Is it better to just put a fraud alert in place initially vs a credit freeze? I realize that is only good for 90 days, but hopefully by then you would get Anthems free credit protection service.

[Corporate ORphan]

Does anyone know if you can freeze your credit on-line or do you have to send some sort of certified letter requesting it?

[Alan]

Quote:

Originally Posted by Corporate ORphan Does anyone know if you can freeze your credit on-line or do you have to send some sort of certified letter requesting it?

I believe that I did mine completely online. I already had accounts set up with the 3 agencies to get my free credit reports each year.

[ulrichw]

Quote:

Originally Posted by sheehs1 I did too. I wasn't going to wait weeks to be contacted. Just knowing how extensive the hack was and the data fields they got was enough for me.

It's fine to be conservative about this, and it's likely that a significant breach took place, but I just wanted to point out that by my reading of the message (and my experience in computer security) I'm pretty sure they don't know either of these things yet.

They probably have enough information to know that the hackers potentially had access to the information they disclosed, but I'm guessing they haven't determined exactly what data the hackers accessed. They're just trying to get ahead of things by making an early announcement to avoid making it seem like they're attempting to cover something up. Also, it looks like they intentionally gave a worst case for data loss - this way, any future announcements they make will seem like good news (e.g., if they say "only 10 million people were affected" that will seem like a small number compared to the 80 million they announced now even though it's still a huge number).

Nonetheless, at least putting a fraud alert on your account costs nothing (unless you're planning on applying for new credit, in which case it could slow things down) and can have a potential benefit, so it doesn't hurt to take those steps.

[sheehs1]

Quote:

Originally Posted by Corporate ORphan Does anyone know if you can freeze your credit on-line or do you have to send some sort of certified letter requesting it?

You can do all three online. I did one online and the others by phone with an automated attendant (believe it or not) for one and another with a live person. But I could just as easily have done them all online.

[Corporate ORphan]

I tried to do a freeze this morning online with Equifax. It took all my info including my credit card and then told me to try back later without giving me a PIN or confirmation number. When I tried back later it told me I had a freeze, did I want to lift it? Now I have been on hold for 30 minutes waiting for a representative (took me 5 minutes to get a phone number for the right live person!) Beware when doing this online. I won't do it again. Next time will be by phone.

[scrabbler1]

I have had different experiences with the 3 agencies.


With Equifax, I tried doing the freeze on line yesterday (Thursday) and just as it was processing my info, I got an error message telling me there was a "problem" and the freeze didn't take. But when I tried to do it again today, the only choices I got were the ones to temporarily or permanently lift a freeze, not place a freeze. This suggests that the freeze I attempted actually worked despite the error message. But when I tried to call them I got put on hold for way too long (anything over 6 or 7 minutes I hang up). I could wait a few days to see if my PIN arrives but I'd rather call first to make sure the freeze is in effect now.


Experian went fine on line. I got the security freeze and printed out the confirmation page. [Sheehs1, was this the one you did on line?]


Transunion I had trouble doing on line. It kept asking me to reset my password but when I tried that it kept asking me a security question I did not set up (name of first pet; I don't own a pet). Then, I tried registering an new account and was able to set one up with a different security question. I got passed that okay but the online processing got fouled up like Equifax's. When I tried it again this morning, I hit those same hurdles again but oddly the security question remained the one about the pet, not the one I chose instead. I can't register a new account because it thinks I have one already. And I can't reset my password because of the dang security question. I tried the phone option and that went just fine - no security question and the whole thing took 2 minutes tops without having to wait for a live person. I'll get some info packet in a few days or so. [Sheehs1, was this the one you did over the phone with an automated attendant, too?]

[sheehs1]

Scrabbler:
Experian IS the one I did online. I did Equifax and Transunion by phone.

i did them in the order they were listed in the link and since I had never done it before, with Equifax being the first one in the list, I called and placed it by phone. Having more confidence, I did Experian online. I didn't particularly like Transunions website so I also did that one by phone. I think it was going to make me set up an account or something….so instead…I simply called.

The phone numbers I got off their websites...if it helps anyone are:

Equifax: 1-800-685-5000 (automate attendant and went smoothly)
Experian: 1-888-397-3742 ( I did this one online and it worked perfectly)
Transunion: 1-888-909-8872 (live person)

I wonder for those having problems online if their systems are bogged down a bit. Last night the media was telling folks to put a credit freeze on their accounts as the data stolen was the data necessary to steal identities.

The Wall STreet Journal and I'm sure others had a bit more detail about the breach, stating the system administrator had noticed a query running he did not initiate, called in the investigators and tracked "the data" to an off site storage facility. The investigators froze the data base there. What they can't know is if that was all the data or if it had been copied and sent somewhere else. The nightly news also said there was already evidence of ANTHEM records being sold and showed a webpage where it was listed. I'm sure perhaps most of you have seen the same info.

[scrabbler1]

Sheehs, thanks for your answers. With Equifax, I wasn't using the phone # your posted but a different one. Yours worked better because I didn't have to wait for a live person. Once I navigated through their phone menu and got to the Freeze options, it turned out that I did have a freeze on the account already so I simply hung up.

[LoneAspen]

Quote:

Originally Posted by Corporate ORphan I tried to do a freeze this morning online with Equifax. It took all my info including my credit card and then told me to try back later without giving me a PIN or confirmation number. When I tried back later it told me I had a freeze, did I want to lift it? Now I have been on hold for 30 minutes waiting for a representative (took me 5 minutes to get a phone number for the right live person!) Beware when doing this online. I won't do it again. Next time will be by phone.

Same for me. I verified all the info, put in my payment info, and then the next screen said something like "we couldn't process your request, try again later".

I called and was on hold for about 15 minutes and the lady that finally answered confirmed who I was, and said the freeze took effect and they'd mail out the PIN or confirmation number, and it should arrive in a few days.

One down, two to go...

[truenorth418]

Froze my Experian report on their website with no problem.

Equifax site was slow and completed the process without giving me my personal ID number, so I had to complete that one over the phone (which required answering a bunch of questions for their customer service rep). They will send me my personal ID number in the mail.

TransUnion freeze page would not even open for me. Maybe they are overwhelmed with requests due to the Anthem theft. I called their toll free line and completed the freeze process on the phone in less than 60 seconds.

Hopefully that will take care of unauthorized credit cards and such.

On the other hand, given the frequency and breadth of these breaches, I am becoming more concerned about someone hacking into the sites of Schwab, Vanguard, Fidelity, etc and literally emptying peoples' accounts. I don't see how multi-factor authentication or brokers' "guarantees" would prevent havoc of that nature.

Anthem CEO's announcement said: "We have state-of-the-art information security systems to protect your data." If true, then state of the art isn't good enough and no one's data is safe anywhere.

[explanade]

Had no problems on all 3 sites yesterday.

Problem is that when they use the data, they have to decrypt it so a lot of the time it's exposed on their network.

I don't know if there's a way to get credit or get insurance or bank accounts with your social security number.

We really need a way to tokenize our main form of ID so that instead of giving your social security number to parties who can lose it, we give a temporary number that is linked to your social security which only you know about and can revoke.

That is what Apple Pay does, so you don't give out your actual credit card number.

[GrayHare]

What state-of-the-art failsafe absolutely stops a hacker from unfreezing your freeze?

[MRG]

Quote:

Originally Posted by GrayHare What state-of-the-art failsafe absolutely stops a hacker from unfreezing your freeze?

It's just a bit(s) somewhere in many TBs of data. All you have to do is get through the security layers and turn all the correct bit(s) in the right direction. Should be easy. Don't forget to clean up all the recovery logs/audit to cover up that change.

[sheehs1]

Quote:

Originally Posted by GrayHare What state-of-the-art failsafe absolutely stops a hacker from unfreezing your freeze?

I wondered the same thing GrayHare. The only thing stopping them is the PIN number because they have all the "other" data.

Experian also suffered a data breach in Nov 2013. Wonder if they got PIN numbers? I need to read up on that breach.

I guess nothing is fail safe at the moment. Perhaps just another level of some sort of protection. It should keep the person at the doctor's office from stealing your identity.
Don't know about serious hackers.

Exclusive: U.S. states probing security breach at Experian unit | Reuters

[Bikerdude]

Quote:

Originally Posted by DFW_M5 Given the information that was supposedly hacked, I think they should provide identity theft protection, not just credit monitoring. Edit - just went to their website and identity protection service will also be included

+1. IMO because it was SS numbers that were hacked they should provide identity protection for life.

[eytonxav]

Quote:

Originally Posted by Bikerdude +1. IMO because it was SS numbers that were hacked they should provide identity protection for life.

And they should do that for all family members since they had insured DW, DS and DD as well.

[wildcat]

more scammers have started to pile on....some emails are going around with links/etc for id protection. these are fake so be careful. you will be offered id protection and "officially" notified by letter.

the others are right, freezing is your best option.

[LoneAspen]

Not a fan of more government regulation, but this is getting out of hand.

I bet if there was an automatic financial penalty for not securing confidential customer data, and letting it get stolen via hacking, these institutions would put in sophisticated measures to prevent it.

Right now, there's just not enough penalty.

Fine them $100 per person (which doesn't sound like a lot) whose data was hacked, not subject to appeal. Anthem has 80 million peoples' data stolen because they didn't secure it well enough? Automatic $8 billion fine, not negotiable.

Draconian? Yep. But I bet these companies would do everything they could to stop it then.

Put the screws to these idiots and make them bleed cash, and they'll find a way to stop it.