Hackers Hit Health Insurer Anthem, Steal Data on Millions of Customers

By
WOODLAND HILLS, CA - FEBRUARY 9:  The Anthem Blue Cross headquarters is seen after the health insurer began informing its individual policyholders of rate hikes up to 39 percent to take effect at the beginning of March, on February 9, 2010 in Woodland Hills, California. Anthem Blue Cross, which has the highest number of individual customers in California, raised rates by as much as 68 percent in 2009. Health insurance companies in California can legally raise their rates at any time by as much and as they want.  (Photo by David McNew/Getty Images)
The Anthem Blue Cross headquarters in Woodland Hills, California.Photo: David McNew/2010 Getty Images

If you guessed that the health insurer Anthem would be the latest company compromised by hackers, you win today’s bingo! (All of our personal information will inevitably wind up with hackers, so let’s start having fun with it.) Last week the company discovered that hackers had broken into a database containing the personal information of about 80 million customers and employees, according to The Wall Street Journal. They are still assessing the size of the breach, but it appears “tens of millions” of files were stolen. The records include names, birthdays, and social security numbers, but there’s a small silver lining: It appears hackers didn’t manage to grab any financial or medical information, and so far no one is trying to sell the information on the black market.

Thomas Miller, Anthem’s chief information officer, said the company discovered the breach when a system administrator spotted a database query that he didn’t initiate. It’s unclear who was behind the attack, but investigators were able to trace the hacked data to an online storage service and freeze it there, though it may have already been copied to another location. Under federal law, Anthem had 60 days to report the hack, but Miller said the company wanted “to share the information as soon as possible.” Anthem has informed the FBI and hired the cybersecurity firm Mandiant and will be sending letters and emails to people whose information was compromised.

Anthem, which was formerly known as WellPoint, is the country’s second-biggest health insurer, and this is likely the largest breach of a health-insurance company ever. An FBI spokesman said the agency is investigating and praised the company for its “initial response in promptly notifying the FBI after observing suspicious network activity.”