Anthem Inc., the country’s second-biggest health insurer, said hackers broke into a database containing personal information for about 80 million of its customers and employees in what is likely to be the largest data breach disclosed by a health-care company.
Investigators are still determining the extent of the incursion, which was discovered last week, and Anthem said it is likely that “tens of millions” of records were stolen. The health insurer said the breach exposed names, birthdays, addresses and Social Security numbers but doesn’t appear to involve medical information or financial details such as credit-card or bank-account numbers, nor are there signs the data are being sold on the black market.
Anthem, which offers Blue Cross Blue Shield plans in California, New York and other states, said it doesn’t know precisely how many people may be affected. So far, it appears that the attack detected last week is the only breach of Anthem’s systems, and it isn’t yet clear how the hackers were able to obtain the identification information needed to access the database said Thomas Miller, the insurer’s chief information officer.
The insurer said it would reach out to everyone whose information was stored in the hacked database with a letter and, where possible, email. It is also setting up an informational website and will offer to provide a credit-monitoring service.
Its decision to reveal the attack days after its discovery, even as the investigation is getting under way, may signal a changing attitude among corporate executives about rapid disclosures in the wake of breaches of companies including Target Corp. , Home Depot Inc. and Sony Pictures Entertainment Inc..