You don’t have to be a direct customer of Anthem to have been a victim of the company’s recent hack.
Anthem’s initial analysis indicates that about 78.8 million people may have been affected by the cyberattack, according to the company’s Anthem Facts page. That number refers to the volume of people whose data could have been viewed by the hackers but not necessarily stolen from the database.
Around 60 million to 70 million of those 78.8 million people are current or former Anthem members. The rest include non-members, specifically current and former non-Anthem Blue Cross Blue Shield members who used their Blue Cross and Blue Shield insurance over the last 10 years in a state where Anthem operates Doing the math, that means anywhere from 8.8 million to 18.8 million people who were not direct Anthem customers could have been impacted by the attack.
“Because of the way Blue Cross and Blue Shield plans work, we process each other’s claims when they’re in states where we operate,” a spokesman for Anthem told CNET. “So if you work for Boeing and their plan is Blue Cross Blue Shield of Illinois, but they have employees in California, our California plan processes those claims, and those people were in the database also.”
On February 4, Anthem revealed that it had been the target of a massive cyberattack by hackers who broke into its servers and stole the personal information of as many as 80 million current and former members and employees. Anthem CEO Joseph Swedish said the attack compromised names, dates of birth, member IDs, Social Security numbers, addresses, phone numbers, email addresses and employment information. But he said he found no evidence that any credit card or medical records had been exposed.
Anthem has promised to individually contact every person whose information was stolen and to provide free credit monitoring services. But the company has been criticized by the attorneys general in several states for not acting fast enough to inform individual users. A letter sent to the insurance provider on behalf of ten attorneys general said “few follow-up details have been made available, and none at all about how individuals can sign up for the protections Anthem will provide them.” The letter expressed “alarm” at Anthem’s failure thus far to follow up with customers impacted by the hack.
Anthem said it will start sending letters next week to all those affected by the hack and will offer two years of identity theft repair assistance, credit monitoring, identity theft insurance and fraud detection, Reuters noted. The company continues to work with federal and state law enforcement to investigate the hack and said it believes tens of millions of customers records were stolen and not simply accessed.
The data breach and the resulting financial consequences could reportedly surpass $100 million. Anthem’s own cyberinsurance policy covers losses of up to $100 million. However, the cost of informing more than 80 million people may extend beyond that amount.