Data breaches and phishing scams are becoming more popular among cybercriminals. There have been so many data breaches, in fact, that the chances that some of your private information has been discovered by online scammers and sold to other ones are pretty high. One of the most significant data breaches in recent years (that has been discovered….many large ones haven’t been discovered yet) was at Anthem Blue Cross/Blue Shield. If you are concerned you may have been a victim of that particular data breach, there are some things you should know, as well as things you can do to minimize the damage to your credit and identity you may have experienced.
Anyone who has been a customer of Anthem Blue Cross/Blue Shield in the past decade is a potential victim of this data breach, and should thus take some steps to do damage control, whether they have noticed anything odd in their credit report or use of personal information. Potential victims also include those who used the Blue Card in any area affiliated with Anthem during that period.
It is not only a data breach at Anthem that should be of concern to current and past customers. Anthem has also issued a warning about a phishing scam mimicking calls and emails from their company. The scammers will ask for personal information when they contact you, such as Social Security numbers and credit card numbers, which are all things Anthem never asks for in these ways. They will never ask for this information as a means to identify you.
Anthem has been working closely with a well-known and well-respected security firm called Mandiant to mitigate the damage from the data breach and phishing scam. It has also been working in close conjunction with the FBI to discover more about the origins of the data breach, which was discovered in January of 2015.
In the data breach, the following things were stolen from Anthem’s customers:
Dates of birth
Social Security numbers
Personal email addresses
Anthem health ID numbers
Anthem is offering current and former customers who may have been impacted by the data breach two years of free credit monitoring and credit repair services if needed. Most of the customers who have or may have been affected by the data breach were sent letters in February. The letters let customers know about the breach, how it may impact them, and that it took place across several weeks in December of 2014. The letter also warns current and former customers of the phishing scam that is ongoing.
Anthem is particularly calling out to customers in the letter to let them know that they are not phoning or emailing them about the data breach, and are not asking for any credit card numbers or Social Security numbers over the phone.
In fact, the phishing scam appears to be attached to the data breach, either being done by the people responsible for the data breach, or by people taking advantage of it. The scammers behind the phishing scheme know about the data breach and are using people’s concerns about their personal information being involved in it to get them to give their most sensitive information in a belief that Anthem will use that information to protect them against being affected by the data breach.
While some people are receiving phone calls in the phishing scam, with the telephone numbers looking like they are coming from Anthem, others are receiving emails. The emails include a link that says “click here” to sign up for free credit monitoring. Anthem is already automatically giving everyone affected or possibly affected by the breach free credit monitoring, so the emails are not coming from Anthem, even though they are made to look like they are. Anthem is quite clear in its letters to customers about the breach that the emails are not from them.
Those who are concerned they may have been affected by the Anthem data breach are being protected by Anthem, but there are additional steps they can take. These additional steps ensure the maximum level of protection now and in the future. Some things that people can do to protect themselves include:
Changing their passwords on just about anything they do online, but particularly email, financial accounts, and social media.
Get a copy of their credit report from all three credit bureaus and place a fraud alert on them.
Dispute any items on their credit reports that are not real.
Closely monitor transactions on any credit, debit, or bank accounts, and reporting any suspicious or fraudulent activity to the bank or credit card companies involved.
Doing these things will give individuals a sense of control over their potential exposure in the data breach, and will also go a long way toward helping ensure their personal information and finances stay protected.