Anthem, the parent company of Empire Blue Cross Blue Shield, which administers hospital benefits for the Empire Plan, has reported hackers broke into a database containing personal information for about 80 million of its current and former enrollees and employees. The breach exposed names, birthdays, addresses, member identification numbers, phone numbers, email addresses, employment information and Social Security numbers, but does not appear to involve medical information or financial details such as credit card or bank account numbers. State employee records were definitely included in the data breach.
Also, New York residents who may have been impacted by the cyber attack against Anthem, should be aware of scam email campaigns targeting current and former Empire BlueCross BlueShield and Empire BlueCross members. These “phishing” scams are designed to look like they come from Anthem, but the company says it is a scam to get your personal information. The e-mails include a ‘click here’ link for credit monitoring. These emails are NOT from Anthem or Empire.
- DO NOT click on any links in email.
- DO NOT reply to the email or reach out to the senders in any way.
- DO NOT supply any information on the website that may open, if you have clicked on a link in email.
- DO NOT open any attachments that arrive with email.
Empire is NOT calling members regarding the cyber attack and is NOT asking for credit card information or social security numbers over the phone.
Anthem will individually notify current and former enrollees via mail delivered by the U.S. Postal Service whose information has been accessed. They will provide credit monitoring and identity protection services free of charge to affected enrollees. They have posted Frequently Asked Questions (FAQs) at http://www.anthemfacts.com/faq and established a dedicated toll-free number that enrollees can call if they have questions; the number is: 1-877-263-7995. Anthem is currently investigating to determine which files have been breached and expects to mail letters to affected Empire Plan enrollees next week.
Eight tips to help consumers navigate this security breach: Here’s what you need to know:
- Don’t open or click on any emails claiming to be from Anthem. Some may be malicious. These are probably not even from the actual hacker, but are garden-variety phishing scams that follow any breach. These are designed either to install malware on your computer or get you to give up financial details that will allow them to access your accounts or open new ones in your name. (People who don’t have Anthem coverage will receive these also. Any spammer with an email list can send these out.)
- Anthem will contact you by mail if your personal information has been breached. Even if you think an email is from Anthem, do not click on any email links. Separately log on to their website by typing the letters of the URL yourself. Malicious emails may appear to re-direct to the Anthem website, but actually do not.
- Monitor your credit reports and bank accounts. All consumers have the right to a free credit report annually from each of the three big credit bureaus. Visit the U.S. Federal Trade Commission (FTC) website for a how to.
- Consider a fraud alert now. Consumers who suspect they are victims of identity theft can add a 90-day, renewable initial fraud alert to their credit reports (which also entitles you to an additional free credit report). If you know you are an identity theft victim and file a police report or FTC affidavit demonstrating this, you can request a permanent fraud alert.
- Consider the “peace of mind” of a security freeze on your credit reports. Ten years ago, U.S. PIRG, along with Consumers Union, drafted a model state security freeze law, and with the help of AARP and others, it rapidly became law in 47 states until the credit bureaus finally capitulated and agreed to provide freezes in all jurisdictions. A security freeze prevents new credit from being issued in your name but allows your existing creditors to look at your report. It’s the only way to prevent financial identity theft, since new creditors who cannot see credit scores or reports will not open new accounts. A freeze requires more work by you; if you want to apply for a new credit card or a home refinance, you’ll need to temporarily lift the freeze (you can do this on a targeted creditor basis). A typical freeze costs $10 ($30 for 3) and $5-10 each time it is temporarily lifted. A few states offer free security freezes for identity theft victims or senior citizens.
- Don’t pay for expensive credit monitoring. Take it for free from Anthem. A freeze is much less expensive, and 100% more effective, than over-priced “credit monitoring” services sold by the credit bureaus and other firms. We will be monitoring Anthem’s expected offer of free credit monitoring, and will strongly oppose it if it is set to automatically convert to paid credit monitoring at the end of the free offer. Nevertheless, due to the serious nature of this breach, it’s okay to take it for free.
- Update critical passwords. It’s always a good idea to use different, robust passwords for all your important accounts. And it’s a good idea to update them regularly.
- Consider filing for tax refunds ASAP. Several state attorneys general and 0ther officials recommend filing for tax refunds as soon as possible.
**** UPDATE, 2/23/15 *****
The recent security breach at Anthem, parent company of Empire Blue Cross Blue Shield (BCBS), may also affect PEF members and retirees enrolled in BCBS HMOs across New York. In addition to Empire BCBS HMO, other BCBS HMO options are: BCBS of Western NY, Blue Choice, HMOBlue – CNY, and HMOBlue – Utica region. All are offered through the New York State Health Insurance Program (NYSHIP).
These HMOs will not be communicating with their members about the breach. Instead, NYSHIP HMO members should expect to only receive information on the cyber-attack from Anthem, and they will only receive a letter if their personal information has been accessed. Anthem expects to mail these letters over the next several weeks.
AllClear ID is the company Anthem is partnering with to supply free credit monitoring services for members over the next two years. Members should be directed to www.anthemfacts.com for information on the breach and also to sign up for the free credit monitoring services.