Hack on health insurer exposes personal info of 80 million customers and employees
In what may be largest data breach ever reported by a health insurer, Anthem Inc. has announced that a hack attack discovered last week obtained personal information for as many as 80 million customers and workers, including the company’s chief executive officer.
The intruders got names, addresses, dates of birth and Social Security numbers but not medical and financial information, the company says. It isn’t clear how the hackers got access to the data, which reportedly was not encrypted, drawing fire from security experts who said it should have been.
ABC News, Fortune, the Los Angeles Times (sub. req.), the San Jose Mercury News, the Wall Street Journal (sub. req.) and the Washington Post (reg. req.) have stories.
“You essentially have the keys to the kingdom to commit any type of identity theft,” Paul Stephens, who serves as director of policy and advocacy at the Privacy Rights Clearinghouse, told the LA Times, referring to the data the hackers are known to have obtained. “The information can be used not only to establish new credit accounts but also potentially penetrate existing accounts at financial institutions or a stock brokerage. The scope of the information involved is incredible.”
Anthem president Joseph Swedish offered a personal apology on the company’s website. He also said the hackers had accessed his own information.
The insurer promised free credit monitoring and identity-protection services to those affected. A statement posted on the company’s website and a a page about frequently asked questions offer more details.
