Phew! When January passed without a single mega data breach, I thought the storm had passed, big bad breaches were a thing of the past and I’d have to find something else to talk about.
But I lost the bet by less than a week. I said there would be a Target-size data breach before January was over. I was wrong and I’m willing to own that—on exactly the same day that healthcare giant Anthem has owned up to one of the single biggest data breaches in history. Forget breach fatigue, how often have we heard that claim?
Anthem Breach Exposes 80 Million Records
In a statement, Anthem has admitted that hackers managed to break in and steal the personal information on millions, possibly as many as 80 million, of its customers and employees. That information includes names, addresses, email addresses, Social Security numbers, dates of birth and even income information. In other words, the whole enchilada, caboodle, ball of wax, lock, stock and barrel. Or as famed hacker Kevin Mitnick used to say, “they got everything, baby.”
Not surprisingly, Anthem is trying to downplay this breach as much as it can. On its website the company highlights the fact that no credit or debit card information was stolen, knowing full well that’s the least dangerous information to lose:
“Based on what we know now, there is no evidence that credit card or medical information were targeted or compromised.”
The Worst Kind of Data Breach
But as the millions of breached consumers will attest to, cards are the easy peasy breach because they can be cancelled and reissued instantly, with no loss to the victim. The victims of this breach, who lost their name, date of birth and Social Security number to hackers, now face a lifetime of potential victimization.
Anthem was also at pains to point out that there’s no evidence the stolen information has been used in a fraud. The truth is, Anthem has no idea and no real basis to make that claim. If your Social Security number is used to commit fraud, neither you nor Anthem will ever know if was as a result of the Anthem breach.
Anthem also claimed that the attack was very sophisticated, as though trying to mitigate its own culpability. Uh, isn’t that what Target said, until it was later discovered that the Target breach was nothing more sophisticated than a simple phishing email that took advantage of horrendously bad security?
This is absolutely the worst kind of data breach because thieves have stolen the information that’s the most valuable, the most dangerous and impossible to change or cancel. You can’t change your Social Security number or date of birth, and I doubt many victims are going to change their name or move to a new address. This is mass victimization of the worst kind.
Once again, consumers are being asked to be alert, be patient and not panic. For those whose Social Security numbers were stolen, I think it’s time to worry—not just today or tomorrow, but next month and next year. Hackers can be very patient, and are likely to wait until the fuss dies down before they start using the stolen information.
And that’s the biggest cost. Victims of this type of breach are being forced to live in a constant state of worry, long after it’s no longer news and Anthem has moved on.
So how should you respond?
How to Protect Yourself Now
First, worry. Not only is it OK to worry but you deserve to—and need to. Because worry is often the first step towards your defense.
Be vigilant, especially with phishing emails that try to take advantage of the frenzy and worry.
If you’re an Anthem customer, keep an eye out for emails, letters, or phone calls with additional information and offers. But also be aware that these communications could also be bogus. If in doubt, go directly to Anthem’s website at www.anthem.com.
Don’t wait for free credit monitoring. Sign up, right now, for Credit Sesame’s free monitoring.
If you’re offered credit monitoring, demand it for life, because that’s how long you’ll be victim.
Consider freezing your credit, at least to protect against the creation of new accounts. But don’t assume that’s a cure-all. Credit freezes only block certain types of data abuse and identity theft.
Worried about identity theft? Credit Sesame now offers free identity theft protection to give you added peace of mind. When you sign up for a free Credit Sesame account you’ll get access to your free credit score, free credit monitoring with real-time alerts, plus $50,000 in identity theft insurance and fraud resolution assistance — for free. Sign up today »
More Resources on Identity Theft: