There’s more news about the massive hacker breach of Anthem Insurance – the second largest insurance company in the U.S. – and now victim of the largest breach in history with up to 80,000,000 people affected. Hackers were able to steal a single password that unlocked the complete Anthem database of customers (and as it turns out now – even non-customers).
What a mess…
This breach is the worst on record. Not just because of the sheer number of victims, but more because of the richness of the stolen data. Hackers grabbed the Holy Grail of identity theft that was filled with a delicious cocktail of consumer data:
- Date of birth
- Social Security number
- Phone numbers
- Income data
What more could a thief want!!!???
Seriously. This treasure trove of information can be sold over and over again, as it allows thieves to create all kinds of phishing, vishing, smishing, and every other kind of attack that targets the wealthiest victims with a hand-crafted message sent right to their phone, email or LinkedIn inbox. This is valuable data.
So how can Anthem fix this?
Once the fox leaves the hen house, it’s pretty hard to protect the chickens, but Anthem is trying to do something. It’s estimated this disaster will cost them $100,000,000 – maybe more – not counting the money, time, heartache, and anger that will be spent by its many customers. Even for those spared from identity theft, it will certainly be a huge inconvenience.
To improve their image and attempt to protect their customers, they recently announced a credit monitoring and identity theft recovery service for everyone affected. Anthem has hired AllClear ID (formerly Debix) to provide this service. AllClear ID are the experts in offering companies a post-breach identity theft protection service, and it’s a good product.
There’s one major problem, as we see it:
Anthem is only offering 24 months of protection for breach victims
This is inadequate, in our opinion. This breach was massive and offered up virtually everything an identity thief wants. People can’t change their Social Security number, address, or other data that was released. Their info will be out on the internet FOR THE REST OF THEIR LIVES!
Anthem will write off the costs incurred for providing this service and move on with their corporate life. The victims are not so lucky. This is something that will potentially affect them forever – even after they’re dead.
We think coverage that extends five, ten, fifteen years or more is much more appropriate for this kind of serious and data-rich breach. Maybe some of the state Attorneys General and/or soon-to-arrive class-action lawsuits will “encourage” Anthem to change their minds on what they offer the victims of this breach.
Don’t hold your breath…