Anthem Hacked: 80 million customers

[sheehs1]

I'm sure most of you know that Anthem healthcare was hacked and 80 million customer and employee records were compromised. Supposedly the hackers did not get financial information but did get SSN numbers, names, addresses, etc. I received an email from Anthem last night and am concerned about identity theft. I'd put a link in this but it is all over the internet and media.

For those of you that put on credit freezes or took steps to protect your identity can you let me (all of us) know the steps you took and/or what companies you used if you were not able to do some of this yourself(Lifelock??).

 

[mpeirce]

Most people can do this themselves without paying a middleman. There are three companies you need to deal with: Equinox, Experian, and Transunion. Here's a decent guide to doing this:

Credit Freeze and Thaw Guide | www.clarkhoward.com

 

[explanade]

They said they'll contact affected people and offer credit monitoring.

That's not as proactive as doing the credit freeze?

You have to pay to freeze and then to thaw later?

 

[Chuckanut]

Credit freezes are easy to do. Just make sure you right down that code to thaw the account and store it where you know it will be safe. And make certain you can remember where you stored it.

Credit monitoring is like closing the barn door after the horse has left, and then looking for clues as to where the horse might have gone.

 

[explanade]

Looks like they charge $10 to freeze and what, another $10 to thaw?

Times 3 for the 3 credit bureaus?

 

[Chuckanut]

Looks like they charge $10 to freeze and what, another $10 to thaw?

Times 3 for the 3 credit bureaus?

Not quite. The price varies by state. Usually, it is for a round trip, so the $10 would be for a freeze and a thaw. Or they simply say the thaw is free. Some states are as little as $3, IIRC. And some are free if one is over 65.


I usually put a time limit on the thaws, say for a week or two, do all my credit bureau type stuff and then let the account re-freeze automatically. It's a bit of a pain, but nothing compared to getting one's credit identity stolen or misused. Now that is a real headache and can cost a lot if one needs to involve a lawyer.

 

[mpeirce]

I usually put a time limit on the thaws, sayr for a week or two, do all my credit bureau type stuff and then let the account re-freeze automatically. It's a bit of a pain, but nothing compared to getting one's credit identity stolen or misused. Now that is a real headache and can cost a lot if one needs to involve a lawyer.

Also, you don't necessarily have to thaw all three.

The only time I ever have thawed my account was for identity confirmation. In this case I knew which company they were using, so I just thawed that one. $10 - NBD

 

[Chuckanut]

Interestingly, in most states one cannot freeze his/her children's accounts. So identify thieves will often impersonate a young person.

The young victims may not know about it until they turn 18 and apply for credit themselves, or somebody shows up at the door with a warrant for their arrest, a court summons, or other nasty surprise. Not so good.

 

[sheehs1]

Chuckanut and others: Do most of you think this is the primary way to prevent your identity from being stolen? It certainly prevents anyone from obtaining a loan, a credit card or from opening an account in your name.
Also I assume that once "the hacker" determines your credit has been frozen, they may drop the effort on that SSN?

 

[explanade]

Yeah do you have to only temporarily thaw for an indefinite amount of time?

Equinox says $10 to temporarily or permanently thaw or thaw for a specific party.

When you apply for credit cards, you're not going to know which bureau they use?

 

[Onward]

There are three companies you need to deal with: Equinox, Experian, and Transunion.

Equifax?

 

[mpeirce]

Equifax?

yeah

Sorry, but I blame automatic spelling correction

 

[sheehs1]

I just finished putting credit freezes on the three credit reporting agencies. That should take care of the credit side. Thanks mpeirce for the link. Now will look into Lifelock to protect the debit side. A friend just told me it saved him this year when someone counterfeited a check.

I'm getting a bit more serious about this now...

 

[Readyforachange]

Most people can do this themselves without paying a middleman. There are three companies you need to deal with: Equinox, Experian, and Transunion. Here's a decent guide to doing this:

Credit Freeze and Thaw Guide | www.clarkhoward.com

Thanks for the link, it's most useful.


Sent from my iPad using Early Retirement Forum

 

[MRG]

Thanks for the link, it's most useful.


Sent from my iPad using Early Retirement Forum

+1
An additional question, for anyone, do both parties of a married couple have to freeze their credit separately? DW has a CC account in her name only, we did that a while ago thinking she would have credit history whenever I depart.

 

[someguy]

Has anyone received notification directly from Anthem? It'd be useful to know when these go out en masse.

 

[mpeirce]

Has anyone received notification directly from Anthem? It'd be useful to know when these go out en masse.

I got an email this morning (sent 12:10 AM EST).

 

[ulrichw]

A couple of things on this.

I'm a current Anthem customer and all I've received is a generic letter with pretty much the information in the press. It said that it may take weeks for the individual messages to be sent.

I believe they probably don't even know what information was leaked, just that it could possibly have affected as many as 80m records (which pretty much sounds like the entire population they've managed for some period of time)

It sounds like they're going to try to narrow down who it really affected and send specific notifications only to those individuals.

It may be difficult for them to figure out exactly who was affected, so they may end up having to contact many people whose data wasn't actually leaked, just on the possibility that it might have been lost.

You can see a copy of the letter and more info at a website they've set up for info on this: www.anthemfacts.com

 

[eytonxav]

Given the information that was supposedly hacked, I think they should provide identity theft protection, not just credit monitoring.


Edit - just went to their website and identity protection service will also be included

 

[Alan]

An additional question, for anyone, do both parties of a married couple have to freeze their credit separately? DW has a CC account in her name only, we did that a while ago thinking she would have credit history whenever I depart.

Yes, each person I believe has their own credit report.

I froze mine a couple of years ago after my card was cloned and used to the tune of $23k, but it did not stop DW from getting a card in her own name on her own record last year.

I started a new wireless/data plan with AT&T last month and they said it required a credit check, so I asked which firm they used, and while they were still on the phone went online (Experian?) and did a temporary unfreeze, cost $10.

It was the first time I'd done an unfreeze so was pleased that it was very easy to do.

 

[sheehs1]

I got an email this morning (sent 12:10 AM EST).

I did too. I wasn't going to wait weeks to be contacted. Just knowing how extensive the hack was and the data fields they got was enough for me.

 

[eytonxav]

Is it better to just put a fraud alert in place initially vs a credit freeze? I realize that is only good for 90 days, but hopefully by then you would get Anthems free credit protection service.

 

[Corporate ORphan]

Does anyone know if you can freeze your credit on-line or do you have to send some sort of certified letter requesting it?

 

[Alan]

Does anyone know if you can freeze your credit on-line or do you have to send some sort of certified letter requesting it?

I believe that I did mine completely online. I already had accounts set up with the 3 agencies to get my free credit reports each year.

 

[ulrichw]

I did too. I wasn't going to wait weeks to be contacted. Just knowing how extensive the hack was and the data fields they got was enough for me.

It's fine to be conservative about this, and it's likely that a significant breach took place, but I just wanted to point out that by my reading of the message (and my experience in computer security) I'm pretty sure they don't know either of these things yet.

They probably have enough information to know that the hackers potentially had access to the information they disclosed, but I'm guessing they haven't determined exactly what data the hackers accessed. They're just trying to get ahead of things by making an early announcement to avoid making it seem like they're attempting to cover something up. Also, it looks like they intentionally gave a worst case for data loss - this way, any future announcements they make will seem like good news (e.g., if they say "only 10 million people were affected" that will seem like a small number compared to the 80 million they announced now even though it's still a huge number).

Nonetheless, at least putting a fraud alert on your account costs nothing (unless you're planning on applying for new credit, in which case it could slow things down) and can have a potential benefit, so it doesn't hurt to take those steps.