Blue Cross Blue Shield clients could also be affected

Feb 25, 2015 21:53 GMT

A total of 78.8 million individuals may have had their personal information exposed in the data breach that hit health insurance company Anthem, and between 8.8 and 18.8 million of them are not even its customers.

The company believes that these individuals have Blue Cross Blue Shield (BCBS) medical plans and used them in states where Anthem operated.

BCBS is a nationwide association of 37 independent health insurance organizations, Anthem among them, that provides medical insurance plans to state and federal government employees.

Many customer records are incomplete

Records of these customers may have been included in the exposed database. The client information is believed to have been added in the past ten years. The initial estimated number of affected individuals was 80 million.

In a statement for ABC News, Anthem said that it found that 14 million records were incomplete and could not be matched to a specific member. In some cases, valid email addresses are available, and notifications will be sent to them as part of the “effort to notify every potentially impacted member.”

The data breach incident was discovered on January 29 and it affected sensitive information such as names, dates of birth, social security numbers, health care IDs, home addresses and email addresses.

FBI says it is close to pinpointing the culprit

An investigation into the matter is currently under way, and the FBI is part of it. There is suspicion that the hack was orchestrated by a foreign government, although no official confirmation has emerged.

During a roundtable with reporters on Tuesday, the law enforcement organization said that it was close to finding the culprit.

“We’re close already,” said Robert Anderson, who leads the FBI’s Criminal, Cyber, Response, and Services Branch. However, attribution will not become public until a threat actor can be tied to the attack with absolute certainty.

To reduce the risk of fraud, Anthem offers its customers free identity protection services for a period of two years. Since cybercriminals have been quick to take advantage of the incident, Anthem also provides fraud prevention tips and warns customers of malicious email campaigns sending messages with spoofed sender addresses.