Scam of the day – July 2, 2017 – Anthem data breach class action settlement

I first reported to you about the huge data breach at Anthem, a major care health care company in February of 2015 when it was initially discovered. The data breach affected 78.8 million patients and employees.  The data stolen included birth dates, Social Security numbers and other information putting the victims in extreme danger of identity theft.    In response to the data breach Anthem offered free identity theft repair and credit monitoring services to current or former members of Anthem plans going back to 2004.

A class action filed by people affected by the data breach has recently been settled with the settlement now awaiting approval by a federal judge in California overseeing the case.

Here is a link to the settlement.

Approval is expected shortly.  Under the terms of the settlement, Anthem will offer two more years of identity theft repair and credit monitoring services to those affected and will pay up to fifteen million dollars toward out of pocket costs incurred by victims of the data breach.  Anthem also agreed to make substantial changes to its cybersecurity systems.  The total amount to be paid to settle the class action is 115 million dollars which is more than five times what Target and Home Depot spent to settle similar charges.  The primary reason for this is that in the Target and Home Depot data breaches all that was lost was credit card information while in the Anthem breach, personal information that can lead to significant identity theft was stolen.  Hopefully, this will serve as a wake up call to companies to upgrade their cybersecurity.  It is important to also note that, as with so many data breaches, this was started when an employee clicked on a link in a simple phishing email.


I will notify you when the settlement is approved and let you know how to make a claim and apply for the additional credit monitoring and identity theft protection as well as apply for out of pocket expense reimbursement.

Neither Anthem nor AllClear ID, the company Anthem is using to provide credit monitoring and identity theft protection services to victims of the data breach assists with credit freezes although it would be advisable to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian if you were a victim of this or any other data breach.  You can find out how to put a credit freeze on your credit report by putting in the key words “credit freeze” in the Search the Website section of Scamicide at the top right hand corner of this page.

Scam of the day – August 13, 2016 – Healthcare worker convicted of identity theft

Data breaches at hospitals and other health care providers are a major problem.  The Ponemon Institute’s study of the health care industry this year found 90% of health care organizations suffered data breaches during the last two years including the massive data breach at Anthem.  However, often overlooked is the fact that not all data breaches are caused by outside attacks.  Many of them are caused by rogue employees with access to data that they steal and then sell to others or use themselves for purposes of identity theft.  Recently Alana Wells a health care worker in Alabama pleaded guilty to stealing patients’ names, dates of birth and Social Security numbers and then using them with her co-conspirators for purposes of income tax identity theft by which they filed phony tax returns using the names and Social Security numbers of their victims’ seeking fraudulent tax refunds.  Sentencing will occur later this year and she faces a sentence of up to seven years in prison.


Apart from the lesson that employers must do a better job of protecting the data they hold from rogue employees, which admittedly is a difficult job, one thing we as consumers should do is recognize that this problem occurs everywhere and consequently, whenever possible, we should limit the amount of personal information we give any company or institution with which we do business to the minimum amount necessary.  When it comes to hospitals and health care institutions, despite the fact that they routinely ask for your Social Security number, they have no true reason to use it as an identifier. When asked, suggest another number such as your driver’s license.

Scam of the day – May 24, 2015 – CareFirst Blue Cross Blue Shield hacked

Health insurer Care First Blue Cross Blue Shield became the latest victim of hacking in the health care industry.  This latest hacking which was only just announced a couple of days ago, but occurred in June of 2014 is just the latest in a series of data breaches at major health care companies and insurers including Anthem and Premera.  More than a hundred million people have had their personal information compromised in these data breaches leaving them in serious danger of identity theft.  The Care First hacking affects more than a million of its present and former customers.  The breach was discovered a month ago during a routine forensic review of its computer networks.  Fortunately, neither Social Security numbers nor credit card numbers were lost in the data breach.  However, the hackers did manage to steal the names of present and former customers, email addresses, birth dates and Subscriber ID numbers, all of which could be used by the hackers for targeted email spear phishing by which intended targets of the identity thieves receive emails that, due to the information contained within them as well as the fact that they are directed to the individual by name, appear to be legitimate.  In these emails, in which the identity thief poses as a legitimate company doing business with the targeted person, the intended victim is lured into either clicking on links containing keystroke logging malware or into providing personal information in response to the email.  In either of these situations, if the intended victim clicks on the link or provides the information, he or she will quickly move from intended victim to actual victim.


Remember my motto, “Trust me, you can’t trust anyone.”  Never provide personal information to anyone who contacts you by email, text message or phone.  You can never be sure if they are legitimate.  Never click on links in emails or text messages until you have actually confirmed that the communication is legitimate.  If you think such an email or text message might be legitimate, contact the real company at a phone number or email address that you know is accurate to confirm whether or not the email or text message you received was legitimate.  With so much information about all of us available either in public data bases or by way of data breaches of companies with which we do business, you can’t trust an email, text message or call regardless of how legitimate it may appear.  Always verify before providing personal information.

Scam of the day – February 6, 2015 – Massive data breach at health insurer Anthem, Inc.

Anthem, Inc, the country’s second largest health insurance company has announced that it has suffered a massive data breach in which personal information on up to 80 million of its customers and staff were stolen including personal information of its President and CEO, Joseph R. Swedish.  Included in the compromised personal information was names, birthdates, medical IDs, Social Security numbers, street addresses and email addresses.  This is a veritable treasure trove of data for identity thieves.  According to Anthem, no credit card data was stolen, however, this is of little consolation to those people who the victims of this data breach as the amount of information that was stolen on each victim is quite sufficient to be translated into making them victims of identity theft.  Once again, this shows that you are only as safe as the places that hold your personal information.

Particularly troubling is the theft of the medical IDs which brings up the possibility of medical identity theft which occurs when someone uses your information to gain access to your medical insurance and which can cause the identity thief’s medical information to be included on the victim’s medical record.  This can result in someone receiving a transfusion of the wrong blood type or other potentially deadly results.  Correcting medical records tainted by medical identity theft is quite difficult.  You can go to the archives of Scamicide for more information about medical identity theft and what you can do about it.


At the moment, we do not know how the breach was accomplished, but the FBI and Mandiant a private cybersecurity firm are investigating the breach.  As soon as it is determined how the breach occurred, I will report it to you.  Meanwhile, if you are an Anthem customer, you should assume that you may be affected.  Anthem has set up a website to which you can go for the latest information about the breach.  it is  Anthem has also set up a toll free number for present and past Anthem customers to call for further information.  That number is 1-877-263-7995.   It is important to remember that you may be contacted by an email or text message that appears to come from Anthem asking you for information or to click on links.  Do not do so.  The communications may be from other identity thieves seeking information.  If you have any questions after receiving such an email, you should go directly to the Anthem website or call them at the toll free number indicated above.  Also, this is a good time, if you have not done so, to consider putting a credit freeze on your credit report.  You can find out how to do this in the Archives of Scamicide.  Finally, if you are a Anthem customer, you should also start monitoring all of your financial accounts more regularly for any evidence of fraud.