Not all data breaches are created equal, and the Anthem health insurance hack is about as bad as they get for consumers.
Why? This time the crooks got Social Security numbers. For identity thieves, the Social Security number is the key that unlocks the vault, and they now have millions of them.
Following the more typical data breach, where names, email addresses, physical addresses and other basic information is taken, victims can expect to be hit with phishing emails with the idea of extracting that last -- and most important -- bit of information: The Social Security number.
With that already gone, however, the tactics Anthem customers should employ are more urgent and more intense.
"On its website, the company highlights the fact that no credit or debit card information was stolen, knowing full well that's the least dangerous information to lose," Neal O'Farrell, security and identity theft expert for CreditSesame.com, said in an email. "The victims of this breach, who lost their name, date of birth, and Social Security Number to hackers, now face a lifetime of potential victimization."
Those who are at risk are customers of Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.
Law enforcement officials, consumer advocates and security experts recommend victims take the following steps:
- Place an initial fraud alert with one of the three major credit reporting agencies. Regardless of whether you call Experian, Equifax or TransUnion, that company must notify the other two.
- The initial alert, which is free, will last for 90 days. It will make it harder for someone else to use your personal information to get credit by requiring verification of identity.
- Consider the stronger step of using a security freeze. This must be done through each of the agencies separately and could involve a fee. But it should prevent anyone from accessing your credit. But it will also prevent you from applying for any line of credit unless you remove the freeze.
- Watch for the warning signs that identity theft has already taken place. They include bills for credit cards you're not familiar with, and seeing someone else's name on bills sent to you.
- Request your free credit report from the official AnnualCreditReport.com website to see if there has been any unusual activity. You're entitled to one apiece each year from each of the credit reporting agencies.
- Be on guard for scams that take advantage of all the information thieves could know about you. Do not provide any personal or financial information over the phone or via email to any source that you have not independently verified. It is easy or a crook to appear to be from your bank or even from Anthem and, given what they know, they can appear even more believable.
- Keep a close eye on your mail for letters related to the breach, and consider taking credit monitoring if it is offered. Credit monitoring, which is designed to alert you to unusual activity with your credit, is a tool, but is neither foolproof nor preventative.
- If you see unusual activity, report it as quickly as possible. The sooner a problem is addressed the better the chance you have of getting it fixed.