Anthem said Wednesday that its database has been hacked, potentially exposing personal information about 80 million of its customers and employees.
The health insurer said the breach exposed "names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data," but added that no financial information, including credit card details, was compromised.
"Cyber attackers executed a very sophisticated attack to gain unauthorized access to one of Anthem's IT systems and have obtained personal information relating to from consumers and Anthem employees who are currently covered, or who have received coverage in the past," the U.S. second largest insurer said in a statement.
An earlier report by the Wall Street Journal said the breach was discovered last week and investigators are still determining the extent of the incursion in what could be the largest data breach disclosed by a health-care company.
Anthem said it will notify the affected members individually.
The FBI had warned last August that healthcare industry companies are being targeted by hackers, following an attack on U.S. hospital group Community Health Systems Inc that resulted in the theft of millions of patient records.
Medical identity theft is often not immediately identified by patients or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.
— Reuters contributed to this story