Anthem Insurance

ZDNet

Health insurance hack hit up to 19M non-Anthem customers

By Zack Whittaker

February 24, 2015

A cyberattack on health insurance firm Anthem earlier this year impacted between 8.8 million and 18.8 million customers enrolled on non-Anthem plans.

13 best privacy tools for staying secure

From encrypted instant messengers to secure browsers and operating systems, these privacyenhancing apps, extensions, and services can protect you both online and offline.

The second-largest provider of health insurance in the US said Tuesday a total of 78.8 million people may have been ensnared by an earlier database breach, according to a Reuters report.

Up to 70 million of those are enrolled in an Anthem insurance plan, but the remaining figures are on plans offered independently. Millions of customers in the 14 states where Anthem operates may still have had details stolen from a hacked database.

Earlier this year, Anthem confirmed it had suffered a cyberattack, leading to the theft of tens of millions of records. Hackers were said to have stolen a single password, allowing them to break into a database of unencrypted personal information of millions of current and former customers and employees.

The messages were often accompanied by links to download huge amounts of what appears to be data from Sony Pictures' internal networks. In a memo shortly after the first leaks were obtained by the Hollywood Reporter, Sony Pictures executives Michael Lynton and Amy Pascal acknowledged the theft of a " large amount of confidential" data:.

While we are not yet sure of the full scope of information that the attackers have or might release, we unfortunately have to ask you to assume that information about you in the possession of the company might be in their possession.

The hackers appeared to have obtained a list of the applications and programs that run on JPMorganʼs computers — a road map of sorts — which they could crosscheck with known vulnerabilities in each program and web application, in search of an entry point back into the bankʼs systems, according to several people with knowledge of the results of the bankʼs forensics investigation, all of whom spoke on the condition of anonymity.

The cyberattack led to the theft of names, dates-of-birth, Social Security numbers, addresses, email addresses, and phone numbers..

Adding to the company's woes, it was accused of failing to inform customers of the breach, which led to an investigation by a number of attorney generals from various US states.

The cost of the hack is likely set to cross over the $100 million mark, according to reports.