Whether directly impacted or not, there are things we must all learn from the Anthem breach. The sensitive information that was accessed has provided criminals with the ability to create new lines of credit and to steal the identities of victims indefinitely but there are important steps we can all take to protect ourselves before it is too late.
According to Anthem President/CEO, “there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.” This remains to be verified but is not reassuring because the hackers accessed “names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.” This type of information is more valuable than credit card numbers because credit card accounts can be closed once fraud is suspected but social security numbers can be used repeatedly to build and destroy credit in endless identity theft schemes. (The breach involves as many as 80 million current and past subscribers of Blue Cross, Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare and BlueCard.)
Important fact for everyone to be immediately aware of:
To capitalize on fears and cyber vulnerabilities immediately following the Anthem breach announcement, opportunists started to offer real and fake credit monitoring services via email and telephone. (see examples following first 7 tips) These can impact current or past Anthem subscribers as well as subscribers of other insurance plans who want to take steps to protect themselves from future breaches.
7 Anthem Breach Related Do’s and Don’ts:
1. Do not give out personal information to anyone who calls claiming to be from Anthem (or other entity)
2. Do not click on links in emails that appear to be from Anthem or other entities offering credit monitoring services
3. Do contact Anthem or other hacked entity (bank, retail store, credit card company) with questions or for verification via the numbers on their websites, Explanation of Benefits, Member ID cards etc. rather than by information provided by incoming phone calls or email
4. Do share potentially fraudulent emails/telephone information with law enforcement/breached entities
5. Do reach out directly to credit monitoring services after doing your homework from information provided on websites versus email links/incoming phone calls
- Do not assume credit monitoring services help or prevent all types of fraud. They don’t!
- Do not assume signing up for credit monitoring is sufficient. It’s not!
6. Do keep tabs on your own credit and accounts
- Obtain an annual free credit report. (An excellent suggestion from a reader was to get 3 free reports per year. You can do this by requesting a free report from each of the credit bureaus (TransUnion, Equifax, Experion) once a year on the site linked to above. Stagger each request by 4 months and repeat that pattern every year.)
- Request a free manual social security number search from the major credit bureaus to see if your social security number is being used with someone else’s name
- Request a manual search for kids 17 and under to detect credit history that does not belong to your child
7. Do report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center
16 Bonus tips to minimize identity theft and fraud repercussions:
1) Check credit card/banking activity regularly
- Save credit card receipts and match to statements
- Reconcile bank statements
2) Set online email/text alerts on credit card/bank accounts for notification of unusual activity (get customer service assistance if you’re not comfortable online)
- For examples and more details, see How to Protect Yourself amidst Recent Data and Credit or Debit Card Breaches
3) Remove yourself from people directories and make your private online information difficult to locate
4) Provide personal information to trusted individuals and organizations only:
- Opt-out of anything that makes you uncomfortable: tracking cookies, apps, privacy policies and data sharing
- There are times when the best protection and intentions fail. Determine whether to continue your relationship with breached entities based on how they respond and protect you after a mishap!
5) Use password protection on all devices including computers, tablets and cell phones
7) Understand/enable privacy settings for social media and apps
- Understand what you give up when an app takes actions on your behalf
9) Be careful when communicating about confidential information
- DO NOT text or email sensitive information such as PINS, passwords, login info, account numbers, credit card numbers, and social security numbers. (A text password request from a family member could mean someone else has their device and texts and emails are not always private)
- Talk quietly and observe your surroundings when discussing confidential information (phone/in person)
10) Encrypt sensitive information (home and work)
11) Shred documents with sensitive/confidential information. (Medical, financial and business information)
12) Keep virus protection current on all devices
13) Bank and shop on secure networks only
14) Be wary of public Wi-Fi
15) Log out after using public computers
16) Avoid leaving trails (on public and personal devices) by surfing incognito and deleting cookies before logging off
This is a lot of information to take in at once but it is important. Please consider an occasional review and discussion of these tips with family members to keep your information as secure as possible.
Until next time, … Stay Cyber Safe!