Safeguarding your personal, financial and medical information is one of our
top priorities, and because of that, we have state-of-the-art information
security systems to protect your data. However, despite our efforts, Anthem
Blue Cross was the target of a very sophisticated external cyber attack.
These attackers gained unauthorized access to Anthem’s IT system and have
obtained personal information from our current and former members such as
their names, birthdays, medical IDs/social security numbers, street
addresses, email addresses and employment information, including income
data. Based on what we know now, there is no evidence that credit card or
medical information (such as claims, test results or diagnostic codes) were
targeted or compromised.
So yeah, safeguarding is apparently not that much of a priority.
This from a fucking company that uses an online payment system that limits your password to 8 characters.
Their email stated that they would contact those who have been breached. It appears that everyone was breached. I think that means that they will try and hide the care package (1 year of free credit monitoring) in snail mail so they don't have to pay out.
I already locked my credit and now I'm thinking it's time to freeze my credit so no one can take out new lines without me unfreezing it or increased authentication.
I am learning how this is all working, but if you think about it, it's silly to wait for a breach to have your data locked down.
You pay a one-time fee to each of the three credit bureaus. The fee varies by state (around $5-$10, may be less for seniors, usually free for identity theft victims). You can do this online.
If you need to unfreeze (e.g. applying for a new credit card or a loan), you need to pay another fee per credit bureau, so you should find out which bureau will be used. You can unfreeze permanently, unfreeze for a short time period, or get an authorization code that you can give to whoever needs to check your credit report.
No, this is in the case of fraud, and then unlock it after 3 months. If you want it frozen until you rescind it, it costs $10 per bureau, but there may be an exception for fraud.
In addition to reading that, I signed up for one of those credit monitoring/protection sites. The one I chose was TransUnion, but I'm still learning about this stuff. I suggest you look around.
This may be a blessing in disguise as it seems that a deluge of phishing attacks ensued, obviously, after this announcement. Whether or not the attacks are directly attributed to leaked information or the attributed party. Be very wary of any emails that anyone does or has received.
Anthem has stated that they will not be calling or emailing clients and you should check their site http://AnthemFacts.com for updates. (why that site is not protected by SSL I have no idea)
If you do get contacted personally it's a safe bet it's a phishing attack.
Our Company is affected and all our interaction has been through HR. I would contact your HR department.
Anthem will not be emailing individuals, but apparently will be sending a snail-mail packet of information including an offer for credit-monitoring services. And they have been contacting, via email, the benefits/HR people of client companies which used Anthem for group health plans for their employees.
(that all comes via my employer, which has been sending me updates about this)
That site is strange - they have a big box saying that no medical or credit card data was compromised, then buried in the body text we find out that "These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data."
CC numbers are far less important than any of those identifiers - unlike your SSN or address, they're easy to change. Someone with all that info can just apply for their own CC or loan in your name...
Anthem said they wouldn't be sending emails, so that may have been a scam:
"Members who may have been impacted by the cyber attack against Anthem, should be aware of scam email campaigns targeting current and former Anthem members. These scams, designed to capture personal information (known as "phishing") are designed to appear as if they are from Anthem and the emails include a "click here" link for credit monitoring. These emails are NOT from Anthem."
Got notified twice by Anthem (email) and once by company (HR got contacted by Anthem) but they still haven't confirmed if my data has been disclosed (obviously, I suppose it has)
I am part of Anthem and I have heard literally nothing directly about this, it's all been through news/tech sites.