Anthem Hacked: 80 million customers

A couple of searches shows what are claimed to be the largest in the world. I'm sure there are bigger numbers that aren't disclosed. 80 million records is really small compared to some of these. Of course if were my personal data I only care about a subset.

As someone else mentioned Anthem probably gave what they consider the worst case.

http://csnipuntech.blogspot.com/2014/05/top-10-largest-databases-in-world.html?m=1

This one for a SAP warehouse would be an immense challenge to do maintenance or recovery work on.

https://blogs.saphana.com/2014/03/05/guinness-world-record-largest-data-warehouse/
 
Thanks for the links MRG. Yes…80 million records compared to the databases in the links is small, relatively speaking.

I have an information systems degree (2nd degree) , programmed for a while, automated our family business with an AS400 (RPG3), customized enterprise software, ran querys, etc. It is mind blowing to me that in this day and age and with the escalation of cyber attacks that ANY company with sensitive customer data has not encrypted the data….especially Social Security Numbers. All the laws and regulations in the world don't matter (HIPPA regulations) if those holding the data don't secure it.
 
Actually new reports suggest that the attack started as a phishing expedition against the system administrators to try to get their credentials. This was apparently a group of 5 folks that were targeted.
 
meierlde said:
Actually new reports suggest that the attack started as a phishing expedition against the system administrators to try to get their credentials. This was apparently a group of 5 folks that were targeted.
Click to expand...

Is there a conflict between the two reports?
 
Yesterday's Diane Rehm Show (NPR) had cyber security experts that discussed the Anthem (as well as other public and private systems) breach. It was a fascinating roundtable discussion and if you can look it up (aired on Feb 10) and listen I highly recommend it. What is most terrifying about the breach is that the consequences of obtaining SSNs and birthdays and other identifying info (medical conditions, etc) will be a problem for many years to come. It is isn't just that someone steals your identity to get credit. With this data, people can high jack your ID for obtaining expensive medical care, state and federal tax refunds, etc. It it can happen 10 years from now because that data is out in cyber world being sold to rouge countries and cyber criminal organizations. Also, they did discuss the problem of having little to no consequences for businesses that don't protect private citizen's information.

Really scary stuff. I think I'm going to encourage my DS to study cyber security. There must be a strong job market now and in the future for that.

Editing to add: One of the panelist on the show mentioned that Anthem now believes the breach occurred as early as April 2014 but was only more recently discovered.
 
Last edited:
Live Free said:
What is most terrifying about the breach is that the consequences of obtaining SSNs and birthdays and other identifying info (medical conditions, etc) will be a problem for many years to come. It is isn't just that someone steals your identity to get credit. With this data, people can high jack your ID for obtaining expensive medical care, state and federal tax refunds, etc. It it can happen 10 years from now because that data is out in cyber world being sold to rouge countries and cyber criminal organizations. Also, they did discuss the problem of having little to no consequences for businesses that don't protect private citizen's information.
Click to expand...

This is the exact reason I believe Anthem should provide LIFETIME identity protection to everyone whose SS# was hacked. Class action suit anyone?
 
Bikerdude said:
This is the exact reason I believe Anthem should provide LIFETIME identity protection to everyone whose SS# was hacked. Class action suit anyone?
Click to expand...

Class action has already been prepared by one (ahem) "industrious" Indiana law firm. Only 12 HOURS after official announcement. And before any details of the mechanism of the breach were known, inc whether it was result of negligence or criminal acts.
Anthem data breach already sparks class-action lawsuit | 2015-02-05 | Indianapolis Business Journal | IBJ.com

Maybe the FEDS should provide that lifetime identity protection to all since gov't is the biggest offender. Two of the largest HC data hacks have been at the VA (multiple) and TRICARE.
VA data breach 'practically unavoidable,' memo says
TRICARE breach puts 4.9M military clinic, hospital patients at risk | Healthcare IT News
And the IRS still cannot stop BILLIONS$ in stolen taxpayer income tax refunds.
Tax refund fraud to hit $21B, and there's little the IRS can do
 
Just heard on the local news that Anthem is planning on offering 2 yrs. of credit monitoring if you were affected. Seems inadequate for the information hacked IMO.
 
I think we've reached the point where credit monitoring should be free and available to everyone with a SS number. Not holding my breath.
 
MichaelB said:
I think we've reached the point where credit monitoring should be free and available to everyone with a SS number. Not holding my breath.
Click to expand...

Agree. Really upset about this and all the other hacks but mainly any hack that obtained SSN numbers considering the long term risks and implications.
 
We have not received a letter from Anthem yet, but they are our current health insurance provider so we immediately froze our credit. If our SS number and other information make it out into the open, then we'll have to be on our guard for the rest of our life. I am really irritated by this, to put it politely. And Anthem's response so far has been nothing more than a shrug. Free credit monitoring for 2 years? Pfff, you must be joking. The scary part is that those same people are also in charge of what I regard as the most private of records, my medical record. Confidence in their ability to safeguard that information is low.
 
Gumby said:
This is the letter Anthem wrote yesterday in response to our Attorney General here in CT prodding them on what they would do.

http://www.ct.gov/ag/lib/ag/press_releases/2015/20150211_anthemresponsetoctag_doi.pdf


and his two earlier letters to them

http://www.ct.gov/ag/lib/ag/press_releases/2015/20150210_anthembreach.pdf

http://www.ct.gov/ag/lib/ag/press_releases/2015/20150205_anthemdatabreachletter.pdf
Click to expand...

Gumby, thanks for the link.

The Anthem FAQ is interesting. The way I read it, there is a key difference between the response by Target, HD and others - they offered one year of credit monitoring to everyone, while Anthem is going to indicate which members will be protected, contacting them by mail. This isn't good news, leaving lots of folks unsure and wondering what to do.

BCBS BlueCard members nationwide are among the affected, even if their policy is not issued by Anthem. From the healthcare threads last year I'd say that hits a number of us.
Yes, BlueCard members are impacted. The Blue Cross and Blue Shield Association's BlueCard is a national program that enables members of one Blue Cross and Blue Shield Plan to obtain healthcare services while traveling or living in another Blue Cross and Blue Shield Plan's service area. The program links participating healthcare providers with the independent Blue Cross and Blue Shield Plans across the country and in more than 200 countries and territories worldwide through a single electronic network for claims processing and reimbursement.
Click to expand...
http://www.anthemfacts.com/faq
 
This is what I'm afraid of. The database was so large, it probably did include every BCBS customer in the country. But no one will come out and admit it.

So they are focused on contacting their members, but say nothing about the contacting people in unaffiliated BCBS plans whose information may also have been compromised?

BCBS of Texas says they are working with anthem to find out if any of their customers are affected. So we should expect to hear from BCBS TX one of these days I guess.
Alerts and Announcements | Blue Cross and Blue Shield of Texas - Information Regarding Anthem Data Breach
 
Last edited:
I had my ID compromised late last year (SSN, DOB, thewholeballofwax) and while it stinks, at least I didn't lose any $$$ and didn't die of a heart attack during the process.


There are worse things in life than having your ID stolen.
 
audreyh1 said:
This is what I'm afraid of. The database was so large, it probably did include every BCBS customer in the country. But no one will come out and admit it.
Click to expand...
The link is from Anthem, the quote from the CO. It's official - at the very least, our SS#, address and birthdate were part of the breach.

Anthem CEO letter http://www.anthemfacts.com/
 
oh, and I have a blue card - but my credit is still locked from the incident

:dance:
 
Live Free said:
Editing to add: One of the panelist on the show mentioned that Anthem now believes the breach occurred as early as April 2014 but was only more recently discovered.
Click to expand...

interesting
 
MichaelB said:
The link is from Anthem, the quote from the CO. It's official - at the very least, our SS#, address and birthdate were part of the breach.

Anthem CEO letter http://www.anthemfacts.com/
Click to expand...

This is what BCBS TX says - they aren't really spelling it out, indicting they're still trying to determine if their customers have been affected.
Alerts and Announcements | Blue Cross and Blue Shield of Texas - Information Regarding Anthem Data Breach

But I guess we'll probably hear from them in a week or so.
 
audreyh1 said:
This is what BCBS TX says - they aren't really spelling it out, indicting they're still trying to determine if their customers have been affected.
Alerts and Announcements | Blue Cross and Blue Shield of Texas - Information Regarding Anthem Data Breach

But I guess we'll probably hear from them in a week or so.
Click to expand...
Florida Blue notice is here and they added a Q&A here . Both communications (Tx and Fl) are evasive. This "Don't call us, we'll [-]call you[/-] sent you a letter" leaves too much unresolved. They're asking us to trust them, they'll let us know if we have something to worry about?
 
Gumby said:
This is the letter Anthem wrote yesterday in response to our Attorney General here in CT prodding them on what they would do.

http://www.ct.gov/ag/lib/ag/press_releases/2015/20150211_anthemresponsetoctag_doi.pdf


and his two earlier letters to them

http://www.ct.gov/ag/lib/ag/press_releases/2015/20150210_anthembreach.pdf

http://www.ct.gov/ag/lib/ag/press_releases/2015/20150205_anthemdatabreachletter.pdf
Click to expand...

Interesting letters and the second one from the Attorney General was quite specific. Anthem's response was not and little additional information could be gleaned from their response.

Hope all the Attorney Generals from all states responding appropriately.

Have been an Anthem or Blue Cross Blue Shield or some affiliate customer for decades. Can't imagine the hack didn't get me or all of us that have affiliations for that matter. :mad:

Wonder if the other insurers are "rushing" to encrypt their data.
 
Last edited:
They're asking the correct questions. Anthem possibly lost PHI. There's big money at stake, well not enough, when you consider the costs of securing our data vs. the costs to all of us.

HIPPA allows for possible jail time for people that showed "willful neglect". The only way to make preventable breaches go away is for the correct people to get severely penelized. IMHO nothing better for the regulators to show an industry you mean business by putting C level execs in orange jumpsuits.
 
Well I had just enrolled with Anthem in December through the CA exchange.

But I also had Anthem BC as administrator for my employer plans, though under a different email address, so my data probably would have been exposed if they really stole it in 2014.

OTOH, no evidence of identity theft yet like credit taken out with my SS. Maybe credit freeze was overly cautious.
 
MRG said:
They're asking the correct questions. Anthem possibly lost PHI. There's big money at stake, well not enough, when you consider the costs of securing our data vs. the costs to all of us.

HIPPA allows for possible jail time for people that showed "willful neglect". The only way to make preventable breaches go away is for the correct people to get severely penelized. IMHO nothing better for the regulators to show an industry you mean business by putting C level execs in orange jumpsuits.
Click to expand...

From news reports this is not a HIPPA issue as the data breached was financial and not health records.
But I fully agree those responsible should be held accountable....Just not holding my breath. Those of us vets who had financial, and in some cases actual PHI, breached years ago by VA are still waiting for accountability. And VA has still not fully addressed its underlying issues.

FWIW- does no one else find it rather strange that we are all rushing to put our trust in credit freezes with a huge credit firm (Experian) that has (allegedly) been hacked recently for up to 200 million SSAN's...and cannot even tell who those folks are to notify them?!? I can find no offer of ANY identity theft protection being offered by that company for that data breach- or even waiving their normal credit freeze fees.
States Investigating Data Breach at Experian: Report - NBC News

IMHO- As troubling as these specific incidents are, these cases are symptomatic of the MUCH larger issue of globally lax cybersecurity.
 
You must log in or register to reply here.

Similar threads

jollystomper
Financial Advice Columnist falls for $50K scam
4 5 6
Replies
134
Views
10K
Koolau
Koolau
Qs Laptop
I Wonder Why Brick and Mortar Stores are Losing Customers?
3 4 5
Replies
101
Views
7K
RetMD21
R
Amethyst
Anyone Holding Templeton Emerging Market Fund/Seeking 1099 Info
Replies
16
Views
555
Amethyst
Amethyst
Koolau
BFF 0.5 Million In Debt at 79 Has Passed Away
2 3 4
Replies
92
Views
10K
Koolau
Koolau
Franklin
Be Careful Inserting your CC. Wild story!
2 3 4
Replies
98
Views
6K
Franklin
Franklin

Latest posts

Back
Top Bottom