‘Tens of millions’ of records stolen in hack attack on health insurer Anthem

Reuters / Stephen Lam
America’s second-largest health insurer, Anthem Inc, said hackers hit into a database with personal information of about 80 million of its customers and employees, the Wall Street Journal reported.

The damage from the hack that was discovered last week is still being estimated by the investigators, and Anthem said it is likely that “tens of millions” of records were stolen, according to the Wednesday report by The Wall Street Journal.

READ MORE: Hack will cost Sony upwards of $35 million

The company said names, birthdays, addresses and Social Security numbers had been exposed, however, the breach had not involved medical information or financial details, like credit card or bank account numbers. No evidence indicates that the data was leaked to the black market, the company reassured.

Thomas Miller, the insurer’s chief information officer, said the company was set “to share the information as soon as possible.” Although having as many as 60 days to report the attack it revealed itself, the health-care company decided to send letters and e-mails to “everyone whose information was stored in the hacked database” in the nearest future.

READ MORE: World’s most ‘NSA-proof’ phone vulnerable to simple SMS hack

David Damato, managing director at FireEye Inc., which is investigating the case, classified the Anthem attack as “sophisticated” and its techniques as “very advanced.” Hackers behind the breach have not been found yet, but, according to one of the versions, it originated in China.

A spokesman for the FBI said the agency is “aware of the Anthem intrusion and is investigating the matter” and praised the health insurer for its “initial response in promptly notifying the FBI after observing suspicious network activity.”

READ MORE: Facebook, Instagram go down globally, internet freaks out

Anthem, formerly known as WellPoint, is presented in a dozen of US states, where it covers around 37.5 million people. What appears to be the largest data breach disclosed by the company follows a series of last year’s attacks on Target Corp., Home Depot Inc. and Sony Pictures Entertainment Inc.