Health insurer Anthem Inc. revealed Wednesday that it was the recent victim of a “very sophisticated external cyber attack” and that hackers broke into a database containing personal information for several million customers and employees, some of whom reside in California.
While investigators are still working to determine just how many people were affected, the attack, which was discovered sometime last week, likely resulted in more than 80 million records being stolen.
Some of the information exposed in the breach included names, birthdays, addresses and Social Security numbers. However, the nation’s second largest health insurer was quick to note that it did not appear that medical information, credit card numbers or bank account numbers were involved.
In California, where Anthem offers Blue Cross plans, spokesman Darrel Ng said that as soon as the insurer learned about the attack, every effort was made to “close the security vulnerability.” The FBI has also been contacted, Ng said, and the company and the agency are working together in the investigation.
Anthem Inc. has also retained Mandiant, one of the world’s leading cybersecurity firms, to evaluate its systems and identify solutions to prevent further security breaches.
“We take consumers’ privacy very seriously and are doing everything in our power to make our systems and security processes — and most importantly your data — more secure,” Ng said. “In the meantime, as we learn more, we will continue to provide updates.”
Ng did not say how many in California could be affected.
“The Anthem insurance company breach is another in a long line of breaches that continue to have a deep and disheartening effect on consumer behavior and the smooth flow of commerce both here at home and worldwide,” Rep. Bennie G. Thompson (D-Mississippi), ranking member of the Committee on Homeland Security, said in a statement. “Of foremost concern is the impact on citizens’ private information. Next, there is the more difficult task of identifying how the attack was carried out and by whom.”
Anthem Blue Cross will individually notify current and former members whose information has been accessed. Free credit monitoring and identity protection services will also be provided. The company has also established a website, www.anthemfacts.com, where members can access information and updates on the breach.
A dedicated toll-free number for both current and former members to call if they have questions related to the incident has also been set up. Those wishing to use the service can call 1-877-263-7995.
“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information,” Anthem President Joseph Swedish said Wednesday in a statement on the insurer’s website. “We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem.”
Contact Katie Nelson at 408-920-5006 and follow her at Twitter.com/katienelson210.