National Consumers League

Anthem Data Breach Increases Identity Fraud Risk for Tens of Millions of Consumers

February 5, 2015

Consumer group offers tips for affected customers and employees and calls for urgently-needed data security reform in Washington 

Contact: Ben Klein, National Consumers League, benk@nclnet.org, (202) 835-3323

Washington, DC – The National Consumers League is warning consumers that the data breach at Anthem, Inc. is likely to raise the risk of identity fraud for tens of millions of current and former Anthem customers and employees. According to published reports, the breach compromised as many as 80 million records, including sensitive personal information such as Social Security numbers, dates of birth, postal addresses, email addresses, employment and income data.

Criminals can use these pieces of personal information to commit a range of identity crimes in another consumer’s name. Such fraud can include opening lines of credit, filing fraudulent tax returns, and obtaining medical care or government documents to name only a few possible uses of this compromised data. While only a small percentage of compromised records are typically used to commit fraud, given the reported size of the Anthem breach, a significant number of consumers may fall victim to identity crime as a result of this breach.

“It is highly likely that the personal information compromised at Anthem has already or will soon appear for sale on cybercrime black markets,” said John Breyault, NCL Vice President, Public Policy, Telecommunications and Fraud. “As Anthem and investigators work to get to the bottom of this breach, it is important that consumers understand the possible consequences of this breach for their personal identity fraud risk.” 

The Anthem data breach once again highlights the urgent need for businesses that collect and store ever-greater amounts of consumer information to do more to protect that sensitive data. According to the Online Trust Alliance, more than 90% of data breaches that occurred in the first half of 2014 could have easily been prevented. While many businesses and other organizations have taken steps to improve their cyber defenses, it is clear what is being done is insufficient to stem to growing tide of cybercrime. 

Leadership from Capitol Hill on this issue is urgently needed. As President Obama made clear in his State of the Union address, “I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber attacks, combat identity theft, and protect our children’s information. ”Through the #DataInsecurity Project, NCL is working to hold Congressional leaders to account for following through on the President’s call to protect the millions of consumers who fall victim to cybercrime every year. A recent Javelin Strategy & Research survey commissioned by NCL found an overwhelming majority (72%) of identity fraud victims believe that existing federal data security requirements are insufficient to protect their data.

“At what point do we say enough is enough?” said Sally Greenberg, NCL Executive Director. “Businesses are making billions of dollars off of consumers’ data, but too many of them are not taking the steps needed to protect that data. The Anthem breach is another battle lost in the war against cybercrime. It is time for Washington to step up and institute reforms that finally help businesses get religion when it comes to data security.”

As federal policymakers debate data security reform, consumers should take steps to mitigate their risk of data breach-fueled identity fraud. NCL is offering the following tips to customers affected by the Anthem data breach:

  1. Anthem customers and employees should beware of phishing emails that may seek to trick them in to clicking on suspicious links or attachments. These emails can look very convincing and may reference the Anthem breach in some way. Clicking on the links or opening an attachment contained in the email can install malware that may be used to obtain additional sensitive personal information such as bank account or credit card numbers, usernames and passwords. Current and former Anthem customers and employees should be aware that Anthem has stated it will contact them via mail to notify them about further information related to the breach. More information is available from Anthem at www.AnthemFacts.com or by phone at (877) 263-7995.
  2. Monitor your credit report and dispute suspicious activity. Consumers can download a free copy of their credit report from each of the three major credit-reporting bureaus (Experian, TransUnion and Equifax) at www.annualcreditreport.com.
  3. If you suspect identity fraud has occurred, it is important to act quickly. Call one of the three credit reporting bureaus and request an initial fraud alert. This will place alerts on your report at all three credit-reporting bureaus. Once the alert is in place, the credit reporting bureaus will contact you when someone attempts to open credit in your name.
  4. If you confirm that you have been a victim of identity fraud, contact the Federal Trade Commission to create and Identity Theft Affidavit. This affidavit can be used to file a police report with your local police department. Together, these two documents form an Identity Theft Report, which is crucial to beginning the process of recovering from identity fraud. More information on spotting, reporting and recovering from identity fraud is available at Consumer.gov. The FTC also has a useful consumer checklist that includes information and required documentation for creating the Identity Theft Affidavit and police report available online.
  5. Do not reply to suspicious emails, as this may lead to additional social engineering attacks. Instead, the safest course of action is to simply delete the email. Consumers can also forward them to the United States Computer Emergency Readiness Team at phishing-report@us-cert.gov.
  6. Update your passwords on sensitive accounts, such as e-mail, social media and online bank and credit card accounts. Do not use the same username and password combination across multiple accounts. If stronger security measures such as multi-factor authentication are offered, enable them.

###

About the National Consumers League

The National Consumers League, founded in 1899, is America's pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit www.nclnet.org.