Hack Attack: Health insurer’s customer information stolen

Last week, hackers hit Anthem, the nation's second-largest health insurance company. As many as 80 million customers had their account information stolen. The pilfered data includes names, birth dates, medical IDs, Social Security numbers, street addresses, email addresses and employment information.

If you’re worried about your personal information ending up in the wrong hands, the FTC has a helpful reminder. A credit freeze, also known as a security freeze, lets you limit access to your credit report, which makes it more difficult for identity thieves to open new accounts in your name.

Our Credit Freeze FAQs can help you decide whether a credit freeze is right for you. One thing to remember: A credit freeze doesn’t prevent a thief from making charges to your existing accounts. Even if you elect a credit freeze you still need to monitor your existing credit card and bank accounts for charges you don’t recognize. If you decide you don’t want to get a credit freeze, you can still place a fraud alert. It lasts 90 days — you can renew it — and makes it tougher for thieves to open new accounts.

It’s also a good idea to review your credit report periodically. Federal law allows you to get a free copy every 12 months from each of the three nationwide credit bureaus. Visit annualcreditreport.com or call 1-877-322-8228. Accounts on your credit report that you don’t recognize could indicate identity theft.

Anthem has established a website where members can access information about its data breach. In addition, the FTC can help you learn more about securing your privacy and identity.

Comments

All companies that collect social security numbers should be required to list only the last four digits of the number. EX: xxx xx 4021. If thieves do not have the entire number, it is harder to use the information. Why can't the Congress and the President take swift action to make this change? What about Medicare #s. That is the Social Security number with a letter behind it. What protection do Medicare card holders now have?

Hi, Betty. These are questions to be presented to you congressmen. The people that do, may see the government respond

Betty, PII is any information that also linked or linkable information to an individual. Last four digits are unique enough it should also be protected.

As a systems analyst, every company should have the ability to generate a unique number in their system that could identify it members. They would enter it one time and their system could generate a unique ID number from that. There would never be any need to house a persons social security number where it could be stolen.

Very Sad indeed.

Yet another MASS 'Hack Attack'. How, and where, do consumers find information re: current and/or ongoing FTC Reviews of each corporate data security breach? This is both a comment and question. An informative action response much appreciated...
Cheers,

The link to Anthem only provides a statement from Anthem, not a way to find out if we were hacked. Anthem indicates they will send that information via snail mail. They should be providing a web interface where we can query our name to immediately find out if BCBS clients were hacked. Not doing so gives the hackers and whomever they send the stolen data to more time to fraudulently open accounts with our personal information.

I totally agree with Randy. We should not have to wait weeks before we are told if our information has been taken.

This never happened when paper was the only media PII was recorded on. What until all your medical history is digitized under Obama Care.

Agree, why wait for a snail mail? What about those of us who travel for extended periods of time and will not not have immediate access to the snail mail received?

I totally agree with Randy. We should not have to wait weeks before we find out if our information has been taken.

Are the hacked email addresses specific to the employers? or both personal and work emails?

So to know from which email type spear phishing threats are likely to arise.

Anthem members included beneficiaries' SSN, DOB, and full names. Is Credit Monitoring available to all minors?

For ONE YEAR

I called Anthem about this, and all they could tell me was that they are working on it and will notify us WITHIN WEEKS if it turns out our data was taken. Totally unacceptable!

We are probably doomed for those who have money and anything of value. I myself and flat broke with nothing to speak of; however, I sure hope my SS is there when I need it.

As a member of Anthem Blue Cross/Blue Shield I want to put a security freeze on all my credit information to prevent access. How do I protect my current credit card and bank accounts?

hi my names sivan my accoente is hacking ples help me

When Social Security numbers were first issued, they were NEVER to be used for identification purposes...it was against the law. They were only to be used for income reporting and verification for Social Security. A few years ago, that law was quietly removed because everyone wanted to use those uniquely identifying numbers for their own reasons- insurance companies, credit card companies, medical providers, etc. That is what created the current situation where those numbers are so valuable, and have come to represent your IDENTITY more than any other thing. While those companies want to use our SS numbers for their own benefit, they do not keep them secure. You can go into any doctor's office and find that patient's records are filed under their SS#. You can watch over people's shoulders when they access your data, including SS#, and see other people's names and numbers. These are stored on the computers in lots of businesses and companies. Hardly Fort Knox. The idea that a company like Anthem, or a doctor, or a credit card company, or a bank, believes that our personal information is safe and does not need to be encrypted, simply because it is inside their firewall, is ridiculous. At the very least, the information is available to anyone who works there. Those companies ability to "manage" and control our data quickly and for their own benefit has superseded our rights to privacy, safety, and security. No one noticed or cared when those rights evaporated, except those of us who rabidly guarded our social security numbers...and were ultimately told we did not have to provide our number to anyone, but we could not have a credit card, or medical insurance, or obtain electric or gas services, or go to our doctor or a hospital without providing that information. Privacy and security are illusions.

Yeah, in a few weeks, we could be doomed and then it takes forever to recover our own funds and identity.

This latest data breach is outrageous! The federal govt. needs to take control. New social security numbers should be issued to every citizen or a whole new approach. These people can know takeover our lives with the information they have. They can file false IRS forms for refunds, buy cars, a house, utilities, open bank accounts, change accounts. We need swift action from the Govt. don't count on Anthem. Instead of big bonuses they could have implemented proper protections for their customers.

This is a HIPAA violation. We do have rights under HHS that our information is to be kept private. It looks a lot like willful negligence, I know Anthem doesn't think this has to do with HIPAA but the law says otherwise. They HAVE to keep our identifiable information protected, the lack of basic encryption shows willful negligence. I don't even think this has been reported as a HIPAA breach yet, which it is! I think they have 60 days to report this breach. Which is a joke. We are on our own. I may report this to HIPAA, not that it would help I'm sure.

The hackers have our address how do we know the information sent by Anthem is real or bogus? We cant trust email, phone or snail mail to be real now. This is very concerning and I am sure with 80 million identities now on the market to the highest bidder sooner or later most of us will have problems.

A modest proposal, for every doller lost in id fraud both those who do not protect critical information as well as those who steal it should be lible for financial damages, as well as criminal damages for the criminals who steal data.

This digital age scares me. This is my worst nightmare come true. I am very sad. I miss the 80s when all I had to worry about was locking my house doors. I wish more people lived by the golden rule. I can't believe people do such things to others. So I guess this means that I will no longer be doing anything online and will need to seek therapy for my extreme paranoia. I feel like my life is ruined. :(

I agree with the above comments about having to wait weeks until I hear whether Anthem lost my info. There should be significant penalties against companies like Anthem who are negligent in protecting my personal information. My identity was attempted to be stolen last year and even though they were not successful, it was very time consuming to contact the credit card companies that were issuing unwanted cards.

Where is Anthem's no accountability when someone's SS# is utilized with criminal intent and ruins lives.

Regarding the Anthem Cyber Attack

Some of you are wondering what you can do, if you don't know if we are one of the millions of Anthem customers who were affected. You can call the 3 Credit Monitoring Agencies and request that they place a Fraud Alert on your account. The Fraud Alert will sometimes expire in 90 days, so you would have to keep on top of it -- you could call them to add the Alert again. Ask their phone reps for details.

If you have been an ID theft victim before this event, ask the 3 agencies to place an "Extended Alert" on your account, which can last up to 7 years. If you have not been a ID theft victim before, then they might refuse to add the Extended Alert.

It might surprise you that certain Social Security office clerks might not use full precautions, when they verify a person's identity. Years back, when my husband was first affected by ID theft, he walked into our local SS office to explain things. They could do nothing... they cannot put an "alert" on your SS account. We were shocked when the SS desk clerk failed to ask him for his Driver's Licence. After a few key questions, the clerk proceeded to hand my husband his printed Income Records. After calling the national SS helpline, the phone rep was also surprised, and she said the casual approach of that SS office clerk was indeed wrong!

Athem says it will send letters to those affected. But they should be sending letters to ALL clients. Even if we are not affected, we should be notified, for peace of mind.

From the various news articles we've read, one author said that Anthem did not use stringent enough safeguards to protect of our data. They might have saved money by not using increased security measures, but this came with a cost -- now that our data has been compromised, they will have to pay significant funds to beef up their system security, and pay for credit monitoring for millions of affected customers.

Think about it -- if your stolen SS # can be sold on the black market, then what can Anthem (and all the other companies affected by security breaches) really do about it? They say they are sorry, and they agree to provide free credit monitoring for a year, but does this really solve the deeper problem? No!

Unless there is a major LEGISLATIVE change, there is little hope that cyber attacks will decrease. Multi-millions of Americans are affected every year by stolen data.

Unless the US government requires huge penalty fees from companies who were lax in security, then they will not put consumer protection as a top priority.

So, what can we do?

- Stay watchful. Look at your financial statements regularly, to make sure they are accurate.

- Contact the 3 Credit Monitoring Agencies (Equifax, Transunion, and Experian).

- If you get any e-mails or calls from "Anthem", do NOT press on any links. Do NOT give personal info to a phone rep who has initiated a call to you.

- If you have been an ID theft victim several times, you might want to consider a Credit Freeze. Depending on your state, this could be free (if you have written proof of ID theft), or it could cost $5. - 10. If you are a senior (65+), it might be free. You can read more about a Credit Freeze option on this site. Read the details carefully -- putting a Freeze on your Credit Monitoring Accounts can delay things a bit if you need to immediately verify your credit standing, for a cell phone, auto, etc. If you can wait 2 - 3 business days for your info to be "unfreezed" temporarily (i.e. you personally lift the freeze, by providing a pin #, and other info) then this might work for you. This is the step we are now considering.

There was an error in my previous comment.

When I referred to Experian, Transunion, and Equifax, I should have called them Credit REPORTING Agencies. I incorrectly used the word "monitoring", when referring to them.

FTC: please review your article to include something else that was stolen: "...employment information, including income data." Why does Anthem need to know my income???? Anyone could please explain?

My husband and I have tried to put a freeze for both of us on all 3 credit reporting agencies. Equifax is useless for me and all 3 for my husband. They want personal information "mailed" to them to put the freeze on. How safe is all that personal information in the mail when we can't trust secured websites. It was totally irresponsible for Anthem to not have IT people diligently working to secure our information. They were probably working harder on changing user programs for their employees and messing that up so they could do "hot fixes" and therefore secure their jobs. Wake up corporations...pay attention to what is going on. The big problem is Anthem is only administrative for corporations that are self insured. Anthem should have to pay for all medical problems this is causing instead of the companies paying them. By the time we get notified that our information was hacked it will be pandemonium.

For Colleen Tressler: I'm pretty sure my info. was hacked, and I need to know what to do moving forward. A 1-800 called me on Jan. 29th asking for information, which I did not give. Early Feb. I found out about the Anthem hack. Remembering the phone call, the stranger had asked if I wanted to be involved in a "survey", and they already had my birthdate. They wanted me to verify social, and address. She spoke good English. I immediately called my old insurance, and they confirmed that they did not make the call. Now, putting things together, I went to the police. What else should we be doing, but 1) getting a free credit report, 2) placing an alert and 3) freezing credit. Police thought risk would be they would try to file w/ IRS under our names with all that information. Colleen, give us more information. Thank you.

I TOTALLY agree with furious, and everyone above! SSN's should NEVER have been used for anything other than income reporting and to collect SS (IF there will be any left). Anthem's response was pitiful if you ask me. I can't imagine the poor institutions who will be handling the 80 million of us who want to put a freeze on our accounts. This is just insane.

Okay, so how much sleep have you lost over this so far?
this is a nightmare and why isn't there like a fingerprint or visual database or something now? Extra steps should be taken by all businesses wanting to extend credit to ensure that the ID is correct, whatever that takes. The bill should be theirs for extending credit to a fraud, rather than yours for being a victim.
Sick over this, sick, sick, sick.

It just happened to me last Friday, somebody tried to file a return with the IRS using my ss# and it wasn't me, I am glad that the IRS was able to immediately flag it as possible ID theft and notify me via mail within days of it happening. I think many will learn that they may not be able to file a tax return this year, if someone used their SS# to file before they did...and it was not caught. Anthem needs to be held accountable for this, 80 million SS# is insane and no encryption, this is pure negligence on their part!!!

I think Anthem should provide lifetime monitoring. Ultimately if people are hacked, they're the one's who'd have to do all the work to recover themselves from the theft. Anthem should provide this protection....but then they couldn't protect us in the first place. I see a lawsuit.....if people's finances start plummeting.

I agree completely! The update says two years, and that is NOT enough, social security numbers don't expire in two years, they need to provide the monitoring for a lifetime.

We are all of us now the owners of compromised ss numbers. We and our dependents must carry these numbers and their current status into the grave. For our dependents that's a lot more exposure than one year of credit monitoring. 41

PRESIDENT OBAMA!!! WHAT ARE U DOING ABOUT THIS? WILL I HAVE MY 401K and MY SOCIAL SECURITY $$$, OR WILL IT BE STOLEN??? WILL MY 4 YR OLD SON's SS# be STOLEN AND HIS LIFE RUINED BEFORE HE EVEN GROWS UP? DO SOMETHING NOW. WE NEED TO BE NOTIFIED NOW< NOT IN A FEW WEEKS!!!!!!

Why is it even legal to use Social Security numbers as they have been used? Why are Doctors, Banks, Insurance Companies, the IRS and everyone else allowed to require them. What was used before Social Security existed? What would be used if it did not exist? When will this stop? Aren't these incidents enough? STOP the MADNESS!

Who do we contact to Sue companies that hand our data to theives?

I got a call from on 2/4 from Anthem (Manny Health Representative) on my voicemail. He said to contact Anthem at this number 1-866-534-8187 press 1 and then 41599. I called yesterday and the representative from Anthem said they are not calling anyone regarding the data breach. This is very troubling at I asked her several times is she from Anthem and she said yes. I looked the number up on the internet but was nothing on it. Maybe this is a coincidence because I have been to the doctor. Any thoughts?

Just to let everyone know, www.anthemfacts.com is the website Anthem has put out to supposedly keep people informed. Up til now there hasn't been much info on there, but they do give information on the only way you will be contacted, and it is not by phone. They give a phone number for you to call and have now finally updated that site and now say they will give 2 years credit monitoring/help to everyone affected. DO NOT CALL PHONE NUMBERS LEFT, DO NOT CLICK ON LINKS, DO NOT GIVE ANY INFO TO ANYBODY, NOTHING, NADA, ZIP. Go to www.anthemfacts.com for the Anthem phone number. VERIFY EVERYTHING! God bless and good luck.

will putting the freeze or alert on my account keep me from using my credit cards abroad?

Call your credit card company. The way I understand it from everything I have read so far is that the alert doesn't stop you from using existing accounts. But abroad, good question. It is more of a prevention from opening any other new accounts. The monitoring of existing accounts is probably the best way to prevent your current accounts from being used fraudulently. Not sure how the credit freeze affects use abroad. If you find out, please post.

The phone number on the FRC site page for Security Freezes will not get you to Equifax's security freeze option. Fraud alerts, yes, but not for simply initiating a security freeze.

You can read more at the FTC's Credit Freeze FAQs. To place a freeze on your credit reports, contact each of the nationwide credit reporting companies:

Click on acompany name to go directly to its website.

All who are calling for the government to take over, those saying more legislation scare me more than the hackers! Heck, we don't even know -- it may even be NSA hacking -- getting our info and medical records! The larger government gets the less freedom we have, more problems we have, and the more the citizens are tied up with government red tape! If WE the People could DEMAND that our ss numbers not be used, we'd get somewhere, but as it is, We the Sheeple are herded into silence while they monitor us all for their benefit. No legislative "fixing" of this, PLEASE!

My husband and I have Anthem as well and just found out we too are victims of IRS tax fraud. I am devasted and am uncertain as to what other fraudulent financial misfortunes may come our way thanks to the lack of responsibility Anthem has shown us as members who have entrusted them with our most personal information. Two years of protection is no where near what is necessary to begin to help protect us.

My daughter, a college student, is now a tax filing victim as her return was rejected online. Now we have to file a form with proof of identity for the investigation to take place that will take months, meanwhile a hacker will get her refund that will cost all of us taxpayers...what a system!!!

I am an Anthem customer and due to this recent security breech, I signed up for the credit monitoring provided by Anthem 'AllClearID' on February 14. I logged into my account and everything was fine. I will be traveling overseas so I needed a credit card with a 'chip' in it. I filled out an online application on February 21 and right away I received an Email saying I was approved with a credit limit of $20K. I was expecting to receive notification from AllClearID regarding the application and if I approve, but nothing. I received my new credit card in the mail today. I called AllClearID but just got a phone service and she said they would call back within 5-7 days. Who can I escalate this to? The AllClearID does not work.

Update: AllClearId finally called me on March 14, after I have been using my new credit card for several weeks. They said it typically takes 4-8 weeks for them to notify you of an inquiry into your finances. I feel very safe as long as crooks agree no to use the card they take out in my name for at least 2 months...

We are victims as well - we have a IRS return done on us as well. I have contacted the IRS, Banks, credit cards, credit bureaus, SS, FDIC which we were told to do, police, pension, and family members. To ward off phone calls to parents asking for our personal info. I think we are clear. However we must update the credit bureaus every 90 days. this id exhausting..plus I wake at night wondering did I call everyone?? or miss something.

I just found out we're a victim too. Someone filed a joint return with our info in March. I am beyond upset. Someone will have our social security numbers the rest of our lives and our child lives. They will probably sell the info to other criminals too.

The lack of information at this date is unbelievable. The www.anthemfacts.com page hasn't changed in quite a while. It is almost six weeks since the hack was reported. Riding a wave of uncertainty.

This happened two months ago. Story was in the news 2/11 and TODAY was my first notification from Anthem. I am furious!!!

I and my two year old granddaughter are a victim of this mess. I want a new ss#, is this possible?

Contact the Social Security Administration when you discover any misuse of your Social Security number. Call 1-800-772-1213 or visit your local Social Security Administration Office. See www.socialsecurity.gov and click on Locate A Social Security Office. You also might be interested in reading Do You Need a New Social Security Number?

Anthem seems incapable of even sending the letters notifying people their personal information has been compromised! So far I have received letters for 4 different people at my home address and I don't even live in an area affected by this! That truly calls into question the validity of allowing them anything to do with computers.

I just received a postal letter from a company called Premera stating this has happened to my insurane company, Blue Cross/Blue Shield, and that they are representing them on this matter. They're offering the same ID protection plan that I've read about regarding Anthem. Are these two incidents related & has anyone else who belongs to BCBS received this letter?

someone by the number 818-945-6018 called today saying that my computer was hacked and they need me to press buttons on my computer. They new my name address and phone number. anybody else had this problem?

If you want tech support, look for a company’s contact information on their software package or the receipt for your computer.

Don’t give control of your computer to a third party who calls you out of the blue. A scammer can get your name and address from public directories. He might even guess what computer software you use. He could say he detected a virus or other malware on your computer. He's trying to trick you into giving him remote access to your computer, or paying for software you don’t need.

Never provide your credit card or financial information to someone who calls and claims to be from tech support.

I tried to 'freeze' my credit report online with all three credit agencies without success. Each one had me answer several questions which I answered correctly and each time the system would go immediately to a message instructing me to file manually and then they would advise if approved. Why are they making it impossible to freeze your account?

You can report a problem with a credit reporting company to the Consumer Financial Protection Bureau.

May 16, 2016 Somone Someone I'm delighted to add on the continuing situation that has been occuring on several occassion though I thought everyting would have been resolved by none my identity seem to still be a unrevolving problem with idenetity theft, data breach, personal information, hacker and credit theft, I have written to companines of the government agency and presidency agency and there trying doing everything possible to help. fustrated nerves reckon

Leave a Comment

Comment Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.