The FBI is investigating a potentially massive computer hacking attack on Anthem, Inc., one of the nation’s largest health insurance companies, a federal official told NBC News late Wednesday. The company confirmed the attack.
“Cyber attackers executed a very sophisticated attack to gain unauthorized access to one of Anthem’s IT systems and have obtained personal information relating to consumers and Anthem employees who are currently covered, or who have received coverage in the past,” company spokeswoman, Kristin Binns, said in a statement.
The company said the hacked database contains 80 million records but they anticipate the actual number individuals affected will be lower.
“Anthem’s initial response in promptly notifying the FBI after observing suspicious network activity is a model for other companies and organizations facing similar circumstances. Speed matters when notifying law enforcement of an intrusion, as cyber criminals can quickly destroy critical evidence needed to identify those responsible,” said Paul Bresson, an FBI spokesman.
The information accessed included names, birthdays, social security numbers, street addresses, email addresses and employment information, such as income data, Binns said.
“No credit card banking or financial information was compromised, nor is there evidence at this time that medical information such as claims, test results, or diagnostic codes were targeted or obtained,” she said.
The company serves customers in 14 states, including New York and California.
“As soon as we learned about the attack, we immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation,” Binns said, adding that the company had retained Mandiant, a leading cybersecurity firms, “to evaluate our systems and identify solutions.”
U.S. Rep. Michael McCaul, R-Texas, chairman of the Committee on Homeland Security, released a statement following the hack on Anthem, saying it illustrated why stronger cybersecurity laws are needed.
“This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information,” said McCaul. “I will lead this effort with other committees in the house and senate to ensure we move forward with greatly needed cybersecurity legislation as soon as possible.”