Yesterday, health insurance leviathan Anthem Inc. announced that its databases had been hacked, and “tens of millions” of current and past customers (including Wellpoint customers, Anthem’s predecessor) could be affected.
This one is much worse than any of the major retail breaches you’ve heard about, because this time the hackers took names, Social Security numbers, dates of birth and addresses. In other words, this means identity theft.
The retail breaches were irritating, sure. Your debit card might suddenly stop working, or you’d notice a fraudulent charge on your statement and you’d have to wait a few days to get that reversed. The stores would sign you up for free identity theft protection, which didn’t really help because it doesn’t block fraud on card transactions anyway. But you’d end up with a new debit or credit card.
The thieves in the Anthem breach didn’t get any credit card, debit card or account numbers, but the information they did take is exactly the information required to create false identities.
This could be much worse than not being able to use one of your cards for a couple weeks.
Anthem says it will notify affected customers by mail if their information was one of the affected accounts. When they offer free identity theft protection, this will be the time to take them up on it.
If you get a letter saying yours was one of the affected accounts, I would also recommend placing an identity theft alert or security freeze with the big three credit bureaus (Experian, Transunion, Equifax).
Maybe it’s time for “security freeze” to be the default setting for everyone, all the time. What happens after the single year of protection Anthem will (most likely) provide runs out? It’s not like the people who will end up buying this stolen data can’t just wait it out until after the protection expires. Maybe Anthem owes all of its customers free lifetime protection. Words like “very sophisticated external cyber attack” imply that the breach was unpreventable, but was it? We don’t know, and we might not ever.
At any rate, if you’re a current or former Anthem (or Wellpoint) customer, watch your mailbox for notification that your information has been compromised.