Anthem cyber-attack

AuntPeggy · Mar 3, 2015

Just got a letter from last year's health insurance company. Read through 3/4 of a page of a** covering to get to this:

Regrettably, this analysis showed that you were among the individuals whose information was improperly accessed as a result of the cyber-attack on Anthem. We are very sorry for any difficulty or inconvenience this unfortunate incident may cause.

They offer two years free identity theft repair (what is that?) and credit monitoring services.

They go on to say, "We are committed to evaluating and enhancing our data security practices..."

Then, on the news I hear that ATC is vulnerable to cyber attack. sigh.
http://www.cnn.com/2015/03/02/politics/cyberattack-faa-air-traffic-control-hacking/

Sleep well.

RJM62 · Mar 3, 2015

AuntPeggy said:
Just got a letter from last year's health insurance company. Read through 3/4 of a page of a** covering to get to this:

They offer two years free identity theft repair (what is that?) and credit monitoring services.

They go on to say, "We are committed to evaluating and enhancing our data security practices..."

Then, on the news I hear that ATC is vulnerable to cyber attack. sigh.
http://www.cnn.com/2015/03/02/politics/cyberattack-faa-air-traffic-control-hacking/

Sleep well.

Sorry to hear you got caught up in that.

The identity theft monitoring is next to useless, in my opinion, but it's something. I'm on my third or fourth year of free identity theft protection. Each time some outfit gets hacked and my information gets compromised, they offer me a year's free protection; so I just kind of daisy-chain them.

The problem is that they basically suck. By the time they get around to notifying me that an account has been opened or what have you, an identity thief would have cleaned me out. And they're always trying to push their more expensive services.

All this I.D. theft crap does get annoying after a while, and we have the government to blame for it. If they didn't require that so many damned entities collect your SSN and other data for either tax or "homeland security" purposes, the information wouldn't be out there stored in so many places to be stolen.

Rich

Aeric · Mar 3, 2015

RJM62 said:
All this I.D. theft crap does get annoying after a while, and we have the government to blame for it. If they didn't require that so many damned entities collect your SSN and other data for either tax or "homeland security" purposes, the information wouldn't be out there stored in so many places to be stolen.

Rich

This.

docmirror · Mar 3, 2015

Please don't use the free identity theft offer. Think about it, the first they they ask you for is your personally identifying information! Kinda like pushing the gas pedal after you've driven over the cliff.

Freeze your own credit on all three credit agencies, and notify them in writing that you were part of the Anthem cyber attack, and lock your report for access.

Also, notify your bank, and CC companies in writing that you were the victim of a cyber crime, and keep copies of all your letters.

BillTIZ · Mar 3, 2015

That reminds me, I need to go get my annual credit reports and look it over.

Clark1961 · Mar 4, 2015

BillTIZ said:
That reminds me, I need to go get my annual credit reports and look it over.

Use creditkarma.com, they've finally started reporting valid credit scores and you can check monthly.

JGoodish · Mar 4, 2015

docmirror said:
Please don't use the free identity theft offer. Think about it, the first they they ask you for is your personally identifying information! Kinda like pushing the gas pedal after you've driven over the cliff.

Freeze your own credit on all three credit agencies, and notify them in writing that you were part of the Anthem cyber attack, and lock your report for access.

Also, notify your bank, and CC companies in writing that you were the victim of a cyber crime, and keep copies of all your letters.

Most of the credit monitoring services that I've been offered as the result of a data breach (such as ProtectMyID) are owned or operated by, or closely affiliated with, a credit reporting company who already has my PII. Aside from that, enough other organizations have my PII by now that the credit monitoring company is probably the least of my concern.

Freezing your credit can prevent new lines of credit from being opened, but will not necessarily prevent damage from identity theft.

The point of credit or ID theft monitoring is to detect potential malicious activity as or shortly after it occurs, which would likely be well before you would detect it otherwise, thereby providing you with an opportunity to mitigate the damage.

I have the opportunity in my career to experience an intimate view of how many large global companies, including some well-known retailers, approach the issue of data security at the executive management level. In my opinion, most of them are concerned about the PR aspect more than anything else. Almost none of them have comprehensive data retention policies, except where required by law, and therefore typically default to retaining data in perpetuity, exposing data collected in the distant past to future risks.

Unfortunately, for health-related services, you have no choice but to give up your PII, and it's being sent to more places and within view of more people than ever before, thanks in large part to the expanding role of government in the health care market. It's a risk that's becoming more difficult for individuals to control.

JKG

Neal Howard · Mar 4, 2015

It is totally mindboggling how many corporations and govt agencies are such complete morons about I.T. security and carelessly expose their sensitive systems to the wild, lawless public Internet.

docmirror · Mar 4, 2015

JGoodish said:
Most of the credit monitoring services that I've been offered as the result of a data breach (such as ProtectMyID) are owned or operated by, or closely affiliated with, a credit reporting company who already has my PII. Aside from that, enough other organizations have my PII by now that the credit monitoring company is probably the least of my concern.

JKG

Fine with me, but we are not all like you. I assure you, every identity theft or credit monitoring service, whether aligned with a major credit issuer or not will ask for your PII. If they already have it, they have it if they don't, you've just put it out there with another company.

If you aren't concerned you aren't the OP.

guardrail · Mar 4, 2015

Unfortunately I've had the displeasure of writing that letter a few times...ugh!

Take the credit protection services, it's free, and generally run by one of the approved credit organizations (Experian, Transunion, etc.). They will ask for your SSN, DOB and address as part of the sign-up. Then they will monitor your accounts for activity like address changes, card requests, etc. It's helpful but the chance you see an impact of this breach is really pretty rare. The chance your CC gets spoofed and used in some other locale like Puerto Rico is much higher...

Anthem cyber-attack

AuntPeggy

Final Approach

RJM62

Touchdown! Greaser!

Aeric

Line Up and Wait

docmirror

Touchdown! Greaser!

BillTIZ

Final Approach

Clark1961

Touchdown! Greaser!

JGoodish

Cleared for Takeoff

Neal Howard

Cleared for Takeoff

docmirror

Touchdown! Greaser!

guardrail

Pre-takeoff checklist