A major data breach this week has affected one of America’s largest insurance companies, Anthem. According to our top resource Krebsonsecurity.com, the breach has affected potentially tens of millions of their approximately 69 million customers. Anthem has not yet released any numbers on how many records were captured by the hackers, although they have sent out mass emails to their customers notifying them of the breach and will be offering free credit monitoring services to those affected.
Anthem is currently conducting an extensive forensic investigation in conjunction with the FBI in order to determine who the culprits are. They have stressed that the data breach has not included any health or financial/credit card records, however the breach may have exposed “personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.”
According to new information from investigators there is a chance that the data breach was caused by state-sponsored hackers in China. This coincides with an alert that the FBI had circulated last week about potential Chinese hackers targeting American companies. There is also information from Steve Ragan at Salted Hash that the data breach was going on for almost a month before Anthem noticed and called in reinforcements.
Additionally, it is reported that phishers are pouncing on this data breach and have been sending widespread fake emails claiming to be from Anthem offering a link to “Free Credit Monitoring” and other scams, potentially to gather new or more information from victims. It’s also reported that they are cold-calling people on the telephone. It’s unclear whether the stolen data is being used for these schemes or if it’s random. Anthem has stated that it will be notifying customers who were affected by postal mail about how to enroll in the free credit monitoring.