If you guessed that the health insurer Anthem would be the latest company compromised by hackers, you win today’s bingo! (All of our personal information will inevitably wind up with hackers, so let’s start having fun with it.) Last week the company discovered that hackers had broken into a database containing the personal information of about 80 million customers and employees, according to The Wall Street Journal. They are still assessing the size of the breach, but it appears “tens of millions” of files were stolen. The records include names, birthdays, and social security numbers, but there’s a small silver lining: It appears hackers didn’t manage to grab any financial or medical information, and so far no one is trying to sell the information on the black market.
Thomas Miller, Anthem’s chief information officer, said the company discovered the breach when a system administrator spotted a database query that he didn’t initiate. It’s unclear who was behind the attack, but investigators were able to trace the hacked data to an online storage service and freeze it there, though it may have already been copied to another location. Under federal law, Anthem had 60 days to report the hack, but Miller said the company wanted “to share the information as soon as possible.” Anthem has informed the FBI and hired the cybersecurity firm Mandiant and will be sending letters and emails to people whose information was compromised.
Anthem, which was formerly known as WellPoint, is the country’s second-biggest health insurer, and this is likely the largest breach of a health-insurance company ever. An FBI spokesman said the agency is investigating and praised the company for its “initial response in promptly notifying the FBI after observing suspicious network activity.”