A cyberattack on US health insurer Anthem has reportedly leaked personal details of millions of its customers and employees, including names, birthdays, addresses and social security numbers.
According to the insurer, hackers breached a database containing personal information of about 80 million customers and employees, in what is claimed to be the largest data breach experienced by a US healthcare firm.
Though the extent of the attack, discovered last week, is yet to be determined, the company expects that no financial details, including credit-card or bank-account numbers, were leaked as part of the attack.
Reuters cited US Representative Michael McCaul as saying: "This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information."
The insurer will send letters and emails, where required, to affected customers in the hacked database. It is also creating an informational website and will offer a credit-monitoring service.
Anthem president and CEO Joseph Swedish said: "I want to personally apologise to each of you for what has happened, as I know you expect us to protect your information.
"We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem."
Lee Weiner, SVP Products and Engineering at Rapid7, commented: "The FBI has commended Anthem for its quick response to this breach. Being able to detect and address a security incident quickly is a huge challenge and can make all the difference in terms of the impact and ability to pursue the culprits."
"Based on the limited information available, it sounds like Anthem discovered the problem pretty quickly and was able to move fast in confirming an incident and calling in support from law enforcement and information security responders."
"Current and former Anthem members should be vigilant for so-called 'piggy back' attacks – criminals leveraging concerns over the Anthem breach to launch social engineering attacks that target Anthem members."
"These would likely be in the form of emails or calls designed to trick worried consumers into taking an action or sharing confidential information such as financial details."
"Consumers should be suspicious of any unsolicited calls or emails – don’t click on links, or provide personal information over the phone or email. If you get a call, offer to call back and use your search engine to find the appropriate number. Do likewise for any emails."
"Organisations who may employ individuals whose personal information was stolen may also want to take additional precautions, as employees often use the same login credentials across corporate and personal websites. No mention of stolen passwords has been noted, but organisations may still want to exercise caution and ask affected employees to change their passwords for any corporate access and applications."