Another major data breach in our country has occurred,
and unfortunately will not be the last. Anthem, one of the nation’s largest
health insurance companies, first announced the hack on February 4th,
although it was detected on January 27th. The unauthorized data quarries
started as early as December 10th of last year and is believed to
have occurred through the discovery date. Anthem is based out of Indianapolis,
Indiana.
The first lawsuits in the Anthem hack have been filed in Indiana, California, Alabama and Georgia.
The suits allege that Anthem did not take adequate and reasonable measures to
ensure its data systems were protected. It is estimated that 80 million Anthem
customers whose information may have been affected could be harmed.
Hackers gained access to a company database that included
members' names, birthdays, Social Security numbers, addresses and employment
data, including income. Unlike some of the other data breaches covered in this
blog such as the Target and Mapco breaches, credit card information was not
among the data stolen.
How the hackers got the
information is different as well. The hackers appear to have compromised the
credentials of five different tech workers at Anthem, possibly through
"phishing" e-mails that trick users into unwittingly revealing
passwords or downloading malicious software. The malware used to break into
Anthem's network has not shown up on other computer networks and does not
appear to have been used in recent attack attempts on other companies.
One of the main questions for consumers is why Anthem
would have maintained a single database containing information about 80 million
current and former members. HIPPA violations could be a concern for Anthem due
to the breach as well.
