Anthem Says Data From As Far Back As 2004 Exposed During Hack, Offering Free Identity Theft Protection

A week after health insurer Anthem announced that it was the latest victim of a security breach, the company revealed that hackers had access to tens of millions of customers’ data going back as far as 2004.

The Los Angeles Times reports that the company is now offering all current – and anyone who has been an Anthem customer since 2004 – two years of free identity-theft protection services.

The Indianapolis-based insurer says an internal investigation into the massive breach is still ongoing and they have yet to determine which customers have been affected.

“We will continue to do everything in our power to make our systems and security processes better and more secure,” CEO Joseph Swedish tells the Times. “Our primary goal is to earn back their trust and confidence in Anthem.”

Anthem faces multiple investigations by the FBI, federal healthcare officials and state insurance commissioners, the Times reports.

“We appreciate the identity-protection services being put into place by Anthem, but reviewing the scope and implications of this event will be a long process,” said Monica J. Lindeen, Montana’s commissioner of securities and insurance and president of the National Assn. of Insurance Commissioners.

The Times reports that since the breach came to light last week, the company has received criticism for not taking steps to encrypt people’s Social Security numbers and other personal details that were vulnerable.

At the time the breach was announced the company said that tens of million of employees’ and customers’ personal information, such as names, dates of birth, social security numbers, street addresses, e-mail addresses, employment information, and income data, had been accessed by the hackers.

As part of state and federal investigations, commissioners are looking into whether Anthem took sufficient security measures to safe-guard that information.

Industry analysts tell the Times that the outcome of those inquiries could lead to government sanctions like fines or suspension from key programs like Medicare Advantage or bidding for state Medicaid contracts.

Anthem first spotted the breach internally. They then brought it to the attention of the FBI and hired a specialist cybersecurity firm to help investigate. In a statement at the time, Swedish called it a “very sophisticated external cyber attack.”

The company, formerly known as Wellpoint, is the second largest health insurer in the country and currently covers 37.5 million Americans. They operate a wide variety of plans and brands, particularly Blue Cross Blue Shield.

The company has launched a dedicated website for sharing information about the breach, though at the moment it only contains the statement from Swedish and a brief FAQ.

Anthem data breach poses a big test for its CEO [The Los Angeles Times]