Massive Anthem Data Breach Followed by Flood of Phishing Attacks

By Eric Noonan • February 7, 2015

On February 4th, Anthem Inc., the nation’s second-largest health insurer, disclosed that hackers had broken into its servers and stolen data from over 80 million customer records. The information stolen from the insurance enterprise includes names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses and employment information, including income data.

Bloomberg reports that U.S. federal investigator is pointing the finger at state-sponsored hackers from China. Although unconfirmed, that suspicion would explain a confidential alert the FBI circulated last week warning that Chinese hackers were targeting personally identifiable information from U.S. commercial and government networks. A spokesman for the FBI said the agency is “aware of the Anthem intrusion and is investigating the matter” and praised the insurer for its “initial response in promptly notifying the FBI after observing suspicious network activity.”

Anthem, Inc. published an FAQ page in an attempt to provide answers to the countless questions and concerns of customers impacted. In one FAQ post, Anthem stated that they would mail notices to customers affected in order to provide clarity over how their data is being protected and any next steps that customers would need to take. It took only minutes for phishers and phone fraudster to capitalizing on the public’s fear over the massive data breach by unleashing a flood of targeted phishing attacks and cold calls to impacted customers with the intent of stealing even more financial and personal data from consumers.

As shown below, phishing emails were outfitted to appear as legitimate as possible:

 

Anthem Phising Email

 

Anthem, Inc. has since updated their FAQ to address the flood of phishing and phone fraud attacks:

 

Anthem FAQ

 

Anthem, Inc. further clarified that all notifications will be sent to affected consumers through regular snail mail in the coming weeks. If you’re a current or former Anthem member, we strongly encourage you to be aware of these types of scams and expect them to escalate in the coming weeks.

Cybersheath Blog

3 Reasons Why You Need a Privileged Access Risk Assessment

A privileged account is one used by administrators to log in to servers, networks, firewalls, databases, applications, cloud services and other systems used by your organization. These accounts give enhanced permissions that allow the privileged user to access sensitive data or modify key system functions, among other things. You can…

Incident Response – Learning the Lesson of Lessons Learned

“Those who do not learn from history are condemned to repeat it.” Over the years, variations of this famous quote have been spoken by everyone from philosophers to world leaders. The message — that we must learn from our mistakes or continue to repeat them — is also highly relevant…

What is DFARS 252.204-7012 and NIST SP 800-171?

With the Department of Defense (DoD) promising the release of an update to NIST Special Publication 800-171, it is imperative defense contractors understand what DFARS 252.204-7012 and NIST SP 800-171 Clause is and how noncompliance with the Clause will impact their business.  Compliance is mandatory for contractors doing business with…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Trace Security