I first reported to you about the huge data breach at Anthem, a major health care company, in February of 2015, when it was initially discovered. The data breach affected 78.8 million patients and employees. The data stolen included birth dates, Social Security numbers and other information, putting the victims in extreme danger of identity theft. In response to the data breach, Anthem offered free identity theft repair and credit monitoring services to current or former members of Anthem plans going back to 2004. A class action filed by people affected by the data breach was settled and approved by a judge in 2018. Here is a link to helpful information about the settlement if you were one of the victims of the data breach. https://www.databreach-settlement.com/
In 2019, two Chinese citizens, Wang Fujie and another whose name was not specified in the charges, were charged with crimes related to the data breach. Both men are in China and are not expected to be extradited to the United States. The indictments state that the defendants used common spear phishing techniques to accomplish the hacking. Spear phishing is the name for specifically crafted emails that lure you into clicking on links that download malware onto your computer. This is the way that almost all major data breaches occur, and it is also the technique used against individuals to lure them into downloading malware used in many scams such as ransomware or identity theft.
Now Anthem has agreed to pay 39.5 million dollars to a group of state attorneys general who also sued Anthem in regard to its lax security and failure to protect the data of its customers. In addition to the payment, the settlement also requires Anthem to improve its security protocols by implementing a comprehensive information security program that will include segmentation, monitoring, encryption and employee training. Anthem will also be subject to third party security assessments and audits for three years.
To date, it appears none of the stolen information has either been used for purposes of identity theft or appeared for sale on the Dark Web to be sold to individual criminals who use the information for purposes of identity theft. This is not surprising because the massive data breaches accomplished by Chinese hackers are most commonly done on behalf of the country’s national security efforts and not for profit.
The Anthem data breach was just another example of the fact that you are only as safe as the places with the weakest security that hold your personal information. As much as possible, you should limit the amount of personal information that you provide to companies and institutions with which you do business. Your doctor may ask for your Social Security number as a means of identification, but he or she has no legal need for it. Also, you should protect your own personal electronic devices, such as your computer and cell phone, by always promptly updating all of the programs you use when new updates or security patches become available. Don’t use your debit card for online purchases because the liability protections for fraudulent use of your debit card are not as strong as those for credit cards. Use strong unique passwords for all of your accounts so that if your password is compromised at one company, all of your accounts are not in jeopardy. Also, use dual factor authentication whenever you can for added security.
A helpful website that tracks data breaches and whether you have been affected by them is Have I Been Pwned, where you can go and find out if your information was affected by recent data breaches. Here is a link to their website. https://haveibeenpwned.com/