Repercussions from some data breaches are easily remedied, but victims of insurance company Anthem's breach will have to remain vigilant against fraud for the rest of their lives.
The insurance company announced Wednesday that its database had been hacked, exposing personal data on as many as 80 million records for current and former customers and employees. The information accessed includes names, birthdays, Social Security numbers, street addresses, email addresses and employment information, including income data, according to the company. There is currently no evidence that financial or medical information was compromised, Kristin Binns, a vice president for Anthem, said in a statement.
That's a treasure trove of information, said Tom Gorup, security operations center manager for Rook Security. It's enough to commit identity theft, or bypass security questions to lock you out of existing accounts. And the risk isn't short term, like when a credit card number is stolen. "Just because the attacker stole the data today doesn't mean they'll sell it tomorrow," he said. "They could sit on this information for years."
(If there's a silver lining, it's that medical information wasn't included in the theft. Had claims data, test results or other medical data been stolen, it could also have opened the door to bribery, said Kevin Epstein, vice president of advanced security and governance for security firm Proofpoint. Any number of salient health details, from mental health issues to addiction treatments, could have been leveraged against victims.)
Still, if you're one of the millions of Anthem health insurance customers whose data might have been stolen, you're probably feeling pretty helpless right now. There are steps you can take to protect yourself though.
Monitor your existing accounts
The first thing you want to watch out for is someone using the information to trick a call center into letting them take over or transfer money out of your existing accounts, said Avivah Litan, an analyst at Gartner Inc. Criminals will try to get through the security questions using information that was stolen in this breach, including the last four digits of your social and street address. This kind of "cross channel" fraud accounts for 30 percent of all fraud, said Litan, up from almost none a decade years ago. Watch for any unauthorized activity or transfers on your current financial accounts, including 401(k) and brokerage accounts.
Sign up for credit alerts and identity theft protection
Anthem has pledged to offer free credit monitoring and identity protection services to all affected customers. These services will keep an eye on your reports for known indicators of identity theft and send you alerts, look for changes of address, and alert you when someone else tries to use your identity. "All impacted members will receive notice via mail, which will advise them of the protections being offered to them as well as any next steps," said Darrel Ng, a spokesman for Anthem, Inc. More information on those measures will be posted at AnthemFacts.com.
But don't wait for Anthem to complete its investigation, said Gorup. "It could be some time until individuals are informed," he said. It's better to sign up for service on your own, now, to thwart any immediate attempts.