Anthem data breach leaves consumers more open to identity theft
PITTSFIELD >> While last week's data breach at Anthem Health Care conjured up memories of recent attacks on Target or Home Depot, experts say this case could have more serious consequences for consumers.
While the Anthem thieves reportedly did not receive credit card data, they did receive Social Security numbers and other personal information, which could leave consumers more susceptible to identity theft.
"Unfortunately, with this one there is the potential that people could have new lines of credit opened," said Eva Velasquez, the president and CEO of the Identity Resource Center, a national nonprofit that monitors identity theft.
"This is very different than the retail breaches we heard about because that was credit card information and it would not allow (thieves) to open new lines of credit," she said. "A Social Security number is very vital. When it's out there and available to thieves, it does give them a chance to use it for a variety of different things."
According to previously published reports, the data breach at Anthem compromised as many as 80 million records, including personal information like Social Security numbers, birth dates, street, postal and email addresses, and employment and income data. Anthem is one of the nation's largest health benefits companies.
Late last week, state Attorney General Maura Healey announced that her office will be conducting its own investigation into Anthem's data breach in an attempt to protect Massachusetts consumers.
Velasquez said on Monday that she believes the Massachusetts Attorney General's Office is the first of its kind in the country to open its own investigation into Anthem's data breach.
"I'm not surprised," said Velasquez, who's organization has been tracking identity theft since 2005. "As far I know this is the largest health care breach that has been recorded.
"It's massive in scope, and the information compromised is extremely sensitive," Velasquez said. "It does make sense for an attorney general to look at things and get answers for their constituents."
Information compromised in Anthem's data breach could also enable thieves to file fraudulent tax returns, and obtain medical care or government documents, according to the National Consumers League.
"It a thief ends up using your information and you end up with mixed medical records you could get an improper diagnosis in treatment," Velasquez said.
In a statement posted on Anthem's website, President and CEO Joseph R. Swedish stated the company was "the target of a very sophisticated cyber attack" that gained access to Anthem's IT system and obtained personal information from both current and former members.
However, Swedish said some information on Anthem's website was not compromised.
"Based on what we know now there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised," he stated.
Once the attack was discovered, Swedish said Anthem "immediately" made every effort to close the "security vulnerability," has contacted the FBI and begun fully cooperating with their investigation.
"I think it's too early to tell right now who's been affected locally," said Mike Levin, a representative of the Dowd Insurance Agencies, which has five offices in Hampden County.
If Anthem has cyber liability insurance, which Levin believes the company does, it will have to notify consumers whose information has been breached in compliance with each state's individual laws.
"What an insurance company will do is they have a breach coach who will go in with a team of lawyers and public relations people and they'll guide Anthem through dealing with this breach," Levin said.
"They'll bring in a forensics team to figure out how this breach occurred, and send the notifications to people who are affected, and set up credit monitoring," he said.
To help consumers guard themselves against potential identity theft, the Attorney General's office suggested that consumers order a copy of their credit report and look for unauthorized activity. Consumers are entitled to one free copy of their credit report every 12 months from each of the three nationwide credit reporting companies, Experian, TransUnion and Equifax.
If unexplained activity is found on a credit report, consumers should place an extended fraud alert on their credit report. They should also review and monitor all credit and debit card information, and consider placing a "security freeze" on their credit report.
To initiate such a security freeze, consumers should send a written request to each of the three credit bureaus to prohibit the release of any information from the report without a consumer's written authorization.
Consumers who believe they have been the victim of identity theft should file and obtain a police reports from their local police department.
Anthem customers and employees should also watch for phishing emails that may seek to trick them into clicking on suspicious links or attachments, according to the National Consumers League. Consumers are also urged not to reply to emails, because they may lead to additional social engineering attacks.
"It's called 'spoofing' " Levin said. "They spoof an email address so it looks like it's coming from Anthem. They'll put something out there asking you to supply your Social Security number if you've been involved in that breach.
"If somebody's asking you for your Social Security number, or license number, or any personal identification, never send it," Levin said.
The NCL also recommends consumers who believe they have been victims of identity fraud to contact the Federal Trade Commission and create an Identity Theft Affidavit. This document can be used to file a police report. Together, those two documents form an Identity Theft Report, which is crucial to beginning the process of recovering from identify fraud.
Anthem has set up a dedicated website, AnthemFacts.com, where members can access information such as frequent questions and answers. Or call toll-free: 1-877-263-7995.
More information on spotting, reporting and recovering from identity fraud, visit consumer.gov.
TALK TO US
If you'd like to leave a comment (or a tip or a question) about this story with the editors, please email us. We also welcome letters to the editor for publication; you can do that by filling out our letters form and submitting it to the newsroom.