Protecting Yourself From the Consequences of Anthem’s Data Breach
By: Tara Siegal Bernard (New York Times) February 2015
Given the steady beat of security breaches, consumers may assume that a cybercriminal already has at least some of their personal information. But in the latest intrusion, at the health insurer Anthem, hackers got their hands on an especially valuable collection of sensitive information on millions of people.
Anthem, which offers several Blue Cross and Blue Shield plans across the country, said the database that was breached included names, Social Security numbers, birthdays, addresses, email and employment information for as many as 80 million people, including some of its own employees.
That is what you call the “keys to the kingdom,” security experts said.
“All of the information stolen is enough to open new accounts or take over someone’s accounts,” said Julie Fergerson, chairwoman of Identity Theft Resource.
STEPS TO TAKE So what should consumers do right now? Anthem created a website, www.AnthemFacts.com, and a toll-free number, 1-877-263-7995, to respond to questions. The company said it would provide free identity repair services and credit monitoring for up to a year.
But individuals can also employ some strategies now, all of which involve greater vigilance and at least some degree inconvenienceof. Even if you do not expect to be affected by the latest breach, most consumers should think about how to protect themselves from the next intrusion.
EXISTING ACCOUNTS What’s worrisome about the Anthem breach is that criminals have enough information to try to gain access to your financial or consumer accounts by posing as you over the phone, security experts said. Using your address and other identifying information, they could try banks near you or check with various service providers or retail outfits.
“They could call in and pretend to be you and would probably be able to answer the security questions based on the information available here,” said Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse, a consumer group. Take it one step further, and a thief could say he had lost the password, then create a new one, potentially locking you out of your own account.
To avoid this, ask your financial institution (or any other account provider) to attach a secret word or code to your accounts, Mr. Stephens suggested.
Some companies are also beginning to offer something called two-factor authentication, which helps provide protection for online accounts. The system typically combines something you know — like a password — with something you have (a special token, for instance, or a numeric code sent to your smartphone). “It would make it extremely difficult to accomplish an account takeover,” Ms. Fergerson said.
You can keep tabs on your credit-related accounts by obtaining a copy of each of their three credit reports free at least once a year through AnnualCreditReport.com. By pulling a report every four months, you create your own monitoring service, though it won’t stop a thief from opening an account in your name.
NEW ACCOUNTS There is a more extreme option, known as a “security freeze.” This is one of the strongest tools against theft because it prevents someone from trying to open a new account in a consumer’s name. When you freeze your reports, the three big credit bureaus generally will not release your credit reports to any company that does not already have a relationship with you. Financial providers and other companies typically request such reports before issuing a new account.
Consumers need to approach each of the three credit bureaus — Equifax, Experian and TransUnion — and may need to pay a small fee, depending on where they live. The process can be involved because the freeze has to be “thawed,” or lifted, to apply for a new credit card, for instance, or for a mortgage and even some types of insurance. (But the extra effort may be less burdensome than cleaning up after an identity thief.)
SOCIAL SECURITY NUMBERS That Social Security numbers were stolen is particularly unwelcome since, unlike credit card or debit card numbers, they are hard to change. The Social Security Administration wants some evidence that you have tried everything possible to protect your number before it agrees to assign a new one.
But “even if you try to change it, oftentimes you get linked back to the old one,” Ms. Fergerson said. “Social Security numbers are not just a financial issue. You use that for Medicaid, Medicare, unemployment compensation, child support. You have to think of the entire picture and keep your eye on everything.”
OTHER VULNERABILITIES These types of breaches leave consumers vulnerable to spear phishing — a type of attack in which thieves send sophisticated emails (or voice or text messages) to specific individuals to try to extract more information, like user names or passwords.
And since this latest breach yielded income information, the criminals could use that to further tailor their appeals. As with all cyberattacks, it is hard to know whether or when stolen information may be used, which means more vigilance and monitoring should become routine.
“It is extremely advisable for consumers to monitor all of their accounts,” Mr. Stephens said. “And it goes well beyond your credit. If you have a 401(k), a stock brokerage account, savings accounts, they are all going to be vulnerable as a result of this breach.”
Categories
- Benefits Resources
- Bonding
- BOP
- Business Insurance
- Commercial Auto
- Commercial Property
- Company News
- Construction
- Crime Insurance
- Cyber Insurance
- Directors & Officers
- Employee Benefits
- Employment Practice Liability Insurance
- Entertainment
- General Liability
- Health Insurance
- Healthcare
- Healthcare Reform
- Homeowners Insurance
- Hospitality
- Manufacturing
- Medical Malpractice
- Mining & Energy
- Nightclubs
- Personal Auto
- Personal Insurance
- Professional
- Restaurants
- Retail & Wholesale
- Risk Management Resources
- Safety Topics
- SBA Bonds
- Security
- Seminars
- Technology
- Tourism
- Transportation
- Uncategorized
- Workers Compensation
Archives
- May 2021
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- November 2018
- September 2018
- August 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- February 2013
- November 2011
- October 2011
- September 2011
- July 2011
- June 2011
- March 2011
- November 2010
- October 2010
- September 2010
- April 2010
- February 2010
- November 2009
- October 2009
- November 2008
- August 2008