Anthem Inc., the nation's second-largest health insurance company, is the latest target of a security breach. Eighty million customers, including the company's own CEO, are at risk of having their personally identifiable information stolen.
What is Personally Identifiable Information?
Personally identifiable information (PII) can be anything that identifies an individual such as full name, an address, home, office or cell phone numbers, an email address, a Social Security Number, or other form of national ID number, an Internet Protocol address or a fingerprint or other biometric data. Such information may also include medical, educational, financial, legal and employment records.
Today, virtually every company acquires, stores and uses PII. Most have it for their employees and, depending on their type of business, many companies will have it for their customers, patients, residents, and students.
The loss of PII can result in substantial harm to individuals, including identity theft or other fraudulent use of the information. The value of PII is what has led to hackers attempting and succeeding at breaching a company's internet security.
Anthem Inc. Gets Hacked
As many as 80 million customers of the nation's second-largest insurance company have had their account information stolen. The hackers gained access to Anthem's computer systems on Wednesday (Feb. 5) and got information including names, birthday, medical IDs, Social Security numbers, street addresses, e-mail addresses and employment information, including income data.
Even with identity monitoring services, victims of the Anthem breach are in for a lifetime of looking over their shoulders. Social Security numbers are key for loans, taxes, employment records and banking. The hack exposed enough information for a criminal to commit identify theft, and unlike a credit card number, a Social Security number cannot be replaced.
Medical and health care breaches accounted for 43% of data breaches in 2014, according to the Identity Theft Resource Center. The Anthem hack is among the largest at a health care provider.
Anthem says it plans to notify affected customers once it determines who was impacted. There are several steps customers can take while they wait to hear from the company:
Monitor Your Accounts:
Banks often only require the last four digits of a Social Security number and confirmations of your name and address to allow access to your account. This information was exposed in the Anthem breach, opening up a window of opportunity for hackers to gain entry to financial accounts.
Enroll in Identify Protection Services:
Anthem says it will mail affected customers information about credit and identity monitoring services. Identity monitoring is retroactive: these services can alert you when or if someone misuses your identity.
Place a Security Freeze on Your Account:
A security freeze puts a lock on your credit report so the bureaus are forbidden from releasing it without your express consent. The freeze must be filed with each credit bureau individually and typically costs about $10, though some states allow victims of identity theft to place a freeze for free. This means that before applying for a job or credit card, buying insurance, obtaining a mortgage or giving anyone access to your credit report, you must ask the bureau to lift the freeze.
Request Fraud Alerts:
Ask one of the three major credit bureaus - Equifax, Experian or TransUnion - to place a fraud alert on your file. The company you inform will alert the other credit bureaus to do the same. These alerts last for 90 days and require businesses to take extra steps to verify your identity before issuing credit, for example, opening new accounts or increasing credit limits.
Beware of Tax Fraud:
Once a criminal has the nine-digit password to your life - a Social Security number - it becomes easier to file a tax return under your name to claim the refund.
For more information on how to get a credit freeze, check out this checklist from the Federal Trade Commission.