Modern field guide to security and privacy

Four steps for Anthem customers to protect themselves after the breach

Data stolen from the nation's second-largest insurer gives bad guys a lot of leeway for scams. Here's how consumers can neutralize the threat.

Gus Ruelas/Reuters
An office building for healthcare insurer Anthem, the second biggest provider in the country, in Newbury Park, Calif.

The attackers who broke into Anthem Inc. databases absconded with details associated with 80 million people but didn't steal medical records. Still, they took enough personal information that, in the wrong hands, it could make life miserable for affected consumers.

According to identity theft experts, the toxic combination of Social Security numbers, birthdays, addresses, and e-mail addresses is a potent one for carrying out a raft of scams.

The breach itself could be used to trick consumers into giving up even more personal data to bad guys. Now that Anthem has alerted tens of millions of consumers that the company will be in touch if their records were compromised, those members should be on the lookout for correspondence.

"Now the hackers are going to be aware of that and they're going to attempt an e-mail supposedly from Anthem and then attempt to phish for more information," says Brian Richards, identity theft product expert for Protect Your Bubble, a national ID protection insurance firm.

"So that's your highest risk," he says, referring to the practice of phishing in which digital con artists use e-mails to trick people into handing over sensitive information. 

These kinds of "piggy-back attacks" are a classic approach following a public breach, says Lee Winer, senior vice president of products and engineering for Rapid7, a Boston security firm.

Anthem did alert customers that future correspondence would come by snail mail, a move that it should get kudos for, says Dwayne Melancon, chief technology officer of Tripwire, a Portland, Ore., risk management firm.

But Mr. Melancon recommends caution on that front, too. "Be on the lookout for potentially fraudulent requests for information requested by mail – remember, the criminals have mailing information, as well," he says. "Trust, but verify."

Meanwhile, consumers should be aware that the information already stolen grants criminals the power to carry out a number of fraudulent attacks far more dangerous than phishing, says Mr. Richards of Protect Your Bubble.

"We're worried about them getting into your credit report because they have your social, your e-mail, as well as your address and other key verification pieces," he warns, explaining that from there an attacker could potentially have cards cancelled and reissued to bogus post office boxes or, more frightening, have entirely new cards issued.

"I've seen in the past where hackers will tap your credit limit as far as it can go," Richards says.

The information stolen may also be enough to approach victims' banking institutions and execute wire transfers or take out auto loans. Many financial institutions use Social Security numbers, dates of birth, and addresses to verify changes to passwords and to verify financial transactions.

In order to protect themselves, says Richards, consumers should think about taking the following steps:

1. Change e-mail contact information with Anthem and other financial institutions. 

"E-mail has gotten far more important for verification these days," Richards says. Consumers can take away the potential for phishing or future fraudulent action by essentially burning the e-mail address they had associated with their Anthem account, he says.

2. Contact credit bureaus and set up monitoring

Some experts such as Melancon suggest that consumers potentially affected by the breach consider freezing their credit report altogether.

But that may be extreme unless a consumer has confirmed they're affected and there is already suspicious activity on their accounts, Richards says. At the very least they should set up monitoring and stay on top of new activity on their report, he says.

3. Set up alerts with financial institutions

In the same vein, Richards recommends that consumers approach all of the financial institutions and card companies they do business with and set up alerts for high-risk transactions within their accounts.

4. Change your challenge questions

Finally, another way consumers can protect their accounts is by changing the challenge or verification questions they use to new questions they've never used before. 

"I'd advise they set up those security questions across all of their financial institutions, so their banking institution for accounts, mortgages, auto loans, and so on," Richards says. "That's really important."

 
