Anthem Hacking Attack Data Breach Probed by New York, States

Updated on

New York and at least two other states are examining how a data breach at health insurer Anthem Inc. may have affected customers.

Anthem, the second-biggest U.S. health insurer by market value, said hackers obtained data on tens of millions of current and former customers and employees in a sophisticated attack that has led to a Federal Bureau of Investigation probe.

The information includes names, birth dates, Social Security numbers, street and e-mail addresses and employee data, including income, Anthem said in an e-mail. The company will notify customers who were affected and provide credit and identify-theft monitoring services for free, Chief Executive Officer Joseph Swedish said in a letter to members.

Connecticut Attorney General George Jepsen said he sent a letter to Anthem Thursday seeking information about the company’s security measures, how it discovered the breach and measures it’s taking to protect against future attacks. Massachusetts Attorney General Maura Healey also said she is investigating the matter.

New York Attorney General Eric Schneiderman has “reached out to Anthem to discuss how the company can best ensure that consumers across New York state are protected,” a spokesman for Schneiderman, Nick Benson, said in a statement.

JPMorgan, Sony

Data security has become a priority for some public officials in wake of earlier breaches at JPMorgan Chase & Co., Sony Corp.’s entertainment unit and Target Corp.

Last month, Schneiderman proposed what he called the strongest data security law in the nation. The proposal followed President Barack Obama on Jan. 13 calling for new laws requiring companies to disclose instances when they’ve been hacked and preventing companies from profiting from student data.

California Attorney General Kamala Harris on Thursday urged consumers to take precautions after reports of the Anthem breach, such as by reviewing credit reports, placing fraud alerts on accounts and watching out for so-called phishing schemes, through which scammers use e-mails to trick consumers into giving additional private information.