Anthem Data Breach Could Affect Millions of Consumers

Attackers have compromised Anthem Inc., one of the larger health-care companies in the United States, gaining access to the Social Security numbers, birth dates, names, employment and income data and other personal information of an untold number of customers.

The company says it is not sure yet how many customers are affected, but Anthem claims to have 69 million customers across its product lines. In a statement, Anthem, which was previously known as WellPoint Health Networks, said that the company was the victim of a targeted, sophisticated attack.

“Anthem was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised,” CEO Joseph Swedish said in a statement.

Swedish said the company is cooperating with the FBI and has hired Mandiant to investigate the attack, as well. Anthem said in in an FAQ that all of the company’s product lines are affected by the breach.

Given the size of the Anthem customer base, this could turn out to be one of the larger data breaches in U.S. history. The scope of the information the attackers obtained could give them broad access to victims’ personal lives.

“If confirmed, we are dealing with one of the biggest data breaches in history and probably the biggest data breach in the healthcare industry. If you are wondering what it means for individuals, in a few words: it is a nightmare,” said Jamie Blasco, vice president and chief scientist at AlienVault. “

If the attackers had access to names, birthdays, addresses and social security numbers, it means that information can be easily used to carry out identity theft schemes. It is yet unclear who is behind the attack, but if the group behind that compromised Anthem and plans to sell that information on the black market, it means cybercriminals can buy  access to the stolen data and use that information to drain your bank account, open new credit accounts and telephone accounts or even utility accounts. They can even obtain medical care using your information.”

The one bright spot is that the attackers don’t appear to have had access to customers’ credit card information.

Suggested articles

Discussion

  • Michael on

    It will be interesting to see the fallout of this one. Interestingly enough the Anthemfact domain was registered in December 2014.
  • Anonymous on

    "very sophisticated external cyber attack". Highly unlikely. Probably a simple attack. You don't mention that they (Anthem Blue Cross) were also hacked in 2010 and lost 200,000+ records. It seems that they don't learn their lessons very well and don't really care about their customers' data.
  • dudebro on

    I guarantee you the person reponsible, just another idiot who got promoted to a position he/she shouldn't have.
  • naive on

    why is it they have income data? are insurance payments based on the procedure or our income?
  • rayvaughn on

    True Anthem hires are probably from within: someones social network aa good pal..., so someone with real security experience has no chance of a hire. Glad I don't work there.. what a zoo

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.