'Sophisticated' Anthem Breach Could Affect Millions

'Sophisticated' Anthem Breach Could Affect Millions
The health insurer, which serves 69 million people, says it suffered a cyberattack that might have put users' sensitive personal information at risk.

Well, at least we made it one month into 2015 without any major data breaches. Anthem, the U.S.' second-largest health insurer, has been hacked.

The company released a statement saying it was the target of a "very sophisticated external cyber attack."

So far, Anthem is saying compromised information includes names, dates of birth, member IDs, addresses, phone numbers, email addresses, employment information and Social Security numbers.

That last one is a big one. Unlike payment information or email addresses, Social Security numbers are not only hard to change, but also grant wider access to personal information used for identity theft when used with birth dates and names.

While Anthem has yet to estimate just how many of its customers have been affected, the company says it serves about 69 million people in total. So depending on the scope of the attack, tens of millions of Americans may be affected.

So what are customers to do? Wait, for now. Anthem says it will offer free identity repair services and credit monitoring for those affected, and Anthem plans to contact those people by mail.

As for what Anthem is doing to find out who the hackers are, The Wall Street Journal says they've hired the folks at Mandiant to investigate the cause.

A spokesman for Mandiant's parent company told Bloomberg the malware used to hack into Anthem's systems was sophisticated enough to be customized, which could mean it was an advanced attacker.

It's notable that Anthem appears to have discovered this hacking attack and reported it quickly, unlike companies which suffered similar challenges in the past.

When Target was hacked in 2013, the retail giant had been notified user accounts were compromised weeks before it finally announced there was a breach in December.

In a statement, the FBI complimented Anthem's quick action after discovering the attack, saying it "is a model for other companies and organizations facing similar circumstances."

In a questions-and-answers page, Anthem says hackers did not access medical diagnosis or treatment data. So far, credit card numbers don't appear to have been stolen, either.

This video includes images from Getty Images.