Up to 80 million records stolen in Anthem security breach
Thu 5 Feb 2015
Account information on as many as 80 million customers of US health insurance company Anthem has been stolen, the company has announced in a statement.
“Anthem was the target of a very sophisticated external cyberattack,” said Anthem president and CEO Joseph Swedish in a post on a website dedicated to the incident.
According to Swedish, the hack directly targeted Anthem’s computer network, stealing data including customer names, dates of birth, medical ID numbers, Social Security numbers, as well as home addresses and salary information.
The compromised database held records for up to 80 million people but the insurance firm are still investigating to ascertain precisely how many customers have been affected. “At this point we believe it was tens of millions,” said Anthem spokesperson Cindy Wakefield.
Noting the current figures, Vitor De Souza of Mandiant, the computer security firm employed by Anthem to evaluate the hack, said this would be “the largest health care breach to date.”
As no actual medical data seems to have been stolen, the breach would not come under HIPPA regulations (Health Insurance Portability and Accountability Act), which oversees the confidentiality and security of medical information.
Tim Eades, CEO of computer security company vArmour, explained that the hackers would not have been interested in medical information: “The personally identifiable information they got is a lot more valuable than the fact that I stubbed my toe yesterday.”
The company, which has customers in 14 US states, has also confirmed that no credit card or payment details have been leaked.
“Anthem’s own associates’ personal information – including my own – was accessed during this security breach. We join in your concern and frustration and I assure you that we are working around the clock to do everything we can to further secure your data,” said Swedish.
The FBI was made aware of the hack by Anthem itself after having identified abnormal network activity. “Speed matters when notifying law enforcement of an intrusion, as cyber criminals can quickly destroy critical evidence needed to identify those responsible,” said Joshua Campbell, an FBI spokesperson.
Homeland Security added: “The Anthem insurance company breach is another in a long line of breaches that continue to have a deep and disheartening effect on consumer behaviour and the smooth flow of commerce both here at home and worldwide.”