News of the massive data breach at insurance giant Anthem Inc. isn’t even a week old, and already the phishing scams have begun.
Phone calls and emails are already circulating that claim to represent Anthem and offer free identity theft protection to victims of the breach. These calls and emails are not from Anthem, but scammers attempting to obtain personal and financial information.
Anthem has stated that they will contact customers affected by the breach by mail over the next couple weeks.
That means postal mail, friends. The kind that’s on paper and comes in an envelope, delivered by that person your dog completely freaks out at six time a week. The letters will give you information on identity theft protection, as well as the next steps you should take.
If someone calls you on the telephone, they’re not from Anthem.
If you get an email message, it’s not from Anthem.
If you get a text message, that’s not from Anthem, either.
If some weirdo shows up at your door, they’re not from Anthem.
Okay, I don’t really think that last one is going to happen, but you never know. I’m trying to me preemptive, here.
Watch your mailbox if you’re a former or current Anthem (or Wellpoint) customer. The old-school mailbox. Any other communications that claim to be from Anthem are fraudulent.
You can also get information online here.
Yesterday, health insurance leviathan Anthem Inc. announced that its databases had been hacked, and “tens of millions” of current and past customers (including Wellpoint customers, Anthem’s predecessor) could be affected.
This one is much worse than any of the major retail breaches you’ve heard about, because this time the hackers took names, Social Security numbers, dates of birth and addresses. In other words, this means identity theft.
The retail breaches were irritating, sure. Your debit card might suddenly stop working, or you’d notice a fraudulent charge on your statement and you’d have to wait a few days to get that reversed. The stores would sign you up for free identity theft protection, which didn’t really help because it doesn’t block fraud on card transactions anyway. But you’d end up with a new debit or credit card.
The thieves in the Anthem breach didn’t get any credit card, debit card or account numbers, but the information they did take is exactly the information required to create false identities.
This could be much worse than not being able to use one of your cards for a couple weeks.
Anthem says it will notify affected customers by mail if their information was one of the affected accounts. When they offer free identity theft protection, this will be the time to take them up on it.
If you get a letter saying yours was one of the affected accounts, I would also recommend placing an identity theft alert or security freeze with the big three credit bureaus (Experian, Transunion, Equifax).
Maybe it’s time for “security freeze” to be the default setting for everyone, all the time. What happens after the single year of protection Anthem will (most likely) provide runs out? It’s not like the people who will end up buying this stolen data can’t just wait it out until after the protection expires. Maybe Anthem owes all of its customers free lifetime protection. Words like “very sophisticated external cyber attack” imply that the breach was unpreventable, but was it? We don’t know, and we might not ever.
At any rate, if you’re a current or former Anthem (or Wellpoint) customer, watch your mailbox for notification that your information has been compromised.