@Felicita – I should know this…but does Anthem have the SSN of anyone other than the employee? If so, I had better take action on behalf of my over 18 & under 18 year olds!
I know they have name, address, and DOB, but I don’t know if they have SSN.
I’m not sure if they have everyone’s SSN, but they do have just about every other piece of personally identifiable information so we decided to be safe rather than sorry. Our state attorney general recommends that everyone impacted place a credit freeze.
I’m not familiar with this. We have had CCs compromised several times, and each time the CC company caught it, and we got a new card. Is this just for not getting new CCs, or does it impact current loans or HELOCs?
What is everyone trying to protect against? Is this a prepper thing or does it make sense if you don’t have CCs any more?
We have had soft credit checks in the past, things that I barely remembered, and I cannot imagine for the life of me any criminal having access to those esoteric things. Or bothering.
You freeze your credit so no one can, with any of your identifying information they may have stolen, attain any new credit (take out new credit cards and have them shipped to their address, i.e.).
But if your credit is frozen with the three credit reporting agencies, you can not open any new credit accounts, take out any new loans, or anything that requires a credit check.
For many people who own their own homes, have no intentions of making any new purchases that require a credit check, or intend to open new credit cards, credit freezing is a way of putting your mind at peace that your identity is not being stolen for the sake of defrauding you. Even if your information is the victim of a data breach, no one can do any of the things mentioned above.
Rhanco- I think many of us are victim of the recent compromise of all our information including social security number with Anthrm Blue Cross.
Rhandco, this isn’t like the hacks at Target or Home Depot. This time they got names, addresses, SSNs, DOBs, employment and income info, and medical ID #s, among other things. This is worse than a compromised credit card.
For cell phones, getting a prepaid plan avoids needing a credit check. In the US, prepaid plans have historically been marketed mainly to those with poor credit and those looking for low cost low use plans, but there seems to be more awareness of them now. Prepaid plans typically mean paying up front for the phone, instead of embedding the phone cost in higher monthly plan costs.
We’ve been efiling tax returns for a very long time with CPAs and not had any ID theft issues so far. How frustrating for you! We are on thevfence, but seriously contemplating it.
It is helpful to read and learn of folks experiences with fraud alerts and credit freeze .
Thanks @ucbalumnus . I ordered the Jitterbug this evening, no credit check needed. You’re right, we did pay for the phone upfront and the monthly cost is considerably lower. Also, there’s no contract and no extra lines, so I don’t know if that made a difference. But i do know that Mom is thrilled that she’s getting her first cell phone!
I read that on Friday Anthem will begin providing 2 years of credit monitoring and ID theft protection. I expect their website to crash.
Thanks to Home Depot’s breach, we already have one year of monitoring…
Just home yesterday from Florida and my husband mentioned in passing sigh that we are affected. Apparently, it is not just those with coverage directly from Anthem in their name.
“The impacted (plan/brand) include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare and HealthLink.”
http://www.anthemfacts.com/faq
The fact link warns about phishing schemes to be aware of.
“I read that on Friday Anthem will begin providing 2 years of credit monitoring and ID theft protection. I expect their website to crash.”
Supposedly, they will be sending everyone who is affected information.
I think I will go ahead and put fraud alert on.
Don’t think you are safe if you don’t have Anthem. I just received this from my insurer:
“Although UCC Health Plan members are not Anthem members, Highmark Blue Cross Blue Shield, our medical benefits administrator, partners with Anthem to serve UCC members by accessing care and processing claims.
The Pension Boards has been working closely with Highmark to understand any potential impact for UCC Health Plan members.”
@emilybee - I read that beginning on Friday, members will be able to call in and set up the monitoring. I suspect they’ve gotten some blowback about the ridiculous notion that they were going to notify 80 million people by mail on anything like a timely basis. There’s also the problem of former members having moved, and never receiving the notice at all.
I also read that anyone who’s been an Anthem member since 2004 is potentially affected. Why in God’s name are they keeping sensitive information lying around for that long? But that may explain their sudden generosity (they’re only required by law to provide one year of monitoring).
And there’s this interesting tidbit: Apparently the FAQ page was set up on December 13, three days after they first detected suspicious activity. But it didn’t go live until February 4, one day after they were outed on a security blog (and a full week after they knew for sure about the theft). It’s hard to avoid the conclusion that they suspected very early on that this was going to be a big problem, but they didn’t want to tell us until forced to by events.
There really should be a special award for Sleaziest Corporation in History.
Side question. Why did costco just sever its relationship with AmEx?
@LasMa, thx for the heads up. I set up fraud alert through Equifax (love coming home from vacay to have to deal with this stuff right off the bat) and then they tried to sell me extra identify theft service but I should be eligible to get it for free as we are a victim in the Anthem breach.
We also have identity theft coverage through my homeowners. I am going to call my insurance agent right now.
We just switched to Anthem where I work, so big surprise, suddenly they got hacked. What made this bad was unlike credit cards, they got all kinds of identifying information, including SS#, address, phone numbers, financial information and so forth, which is what you generally submit when applying for credit. The danger with other accounts, like financial accounts, is if they know your brokerage account, for example, they potentially can use the information they have to get them to reset your password (commonly they will ask for the last 4 digits of the SS#, and your address and phone number to make sure)…on my brokerage account, I put a secret question on that the breach won’t tell them, doing that with other accounts.
I put a freeze on my wife and I, they have the SS#'s for anyone covered, with health insurance these days you give them the SS# of any of the people on your plan. We don’t apply for credit often, so it isn’t that bad, and the peace of mind is nice. I need to look at out credit reports to see if there is anything out there there shouldn’t be (plus in case old accounts are there).
I think what angered me the most was the horse’s rear end that is the CEO of Anthem, sending around this “me so sorry” message that ends with the classic line “We share your pain”…like yeah, that is really, really going to make people feel better. Among other things, will Anthem next year jump rates because of the cost of this breach, so members will be doubly shafted, so that their shareholders still make ridiculous profits. What really has me angry is these breaches despite what he said are often not all that sophisticated, they in fact are due to human stupidity. For example, one of our main forms of identity for credit and government transactions is our SS#, yet a lot of places store the SS# in human readable form, where people working for the company can read it, as can anyone who hacks into a database on the company’s servers. These days, many places store passwords in encrypted form, a one way hash is common, and they could do that with SS#'s. If they need to check an SS#, they one way hash the number being queried, compare it to what is in the db, if it matches, it is okay. A hacker could obviously get the source code and figure out the hash from that, though theoretically all that would let them do is run numbers through their pirated hash code and see if there are any matches, because you cannot unhash a number stored like that.
Worse, I know how Anthem’s IT operations work, and like so many companies they outsourced large parts of their system to companies, many of them overseas, and their checking of the code is lax, and there have been some breaches recently that were due to trojan horses left in the code that an outside hacker could hit.
The sad reality is that even with all these massive breaches, many people treat the security of data as a joke, and knowing what I do of Anthem and the other insurance companies, their security policies and the way they do things are designed to be as cheaply done as possible. Part of the problem is that companies either see these breaches as the cost of doing business, or figure that if it happens, that in the end it won’t cost them much, since they can pass the cost on to the people doing business with them (for example, with credit cards, fraudulent transactions figure into the interest rates they charge and the fees they charge businesses). One of the things I am sorry we don’t see is regulators putting in place laws, like for example that Anthem cannot pass the cost of the breach on to its customers, that the company has to take the hit for it. Shareholders may not be happy, but it is about time that companies pay the price for their own stupidity and shortsightedness. On top of that, if they investigate and find out that the breach was caused by not taking prudent security measures, they should also fine the companies, or allow class action suits by those affected by the breach. Even if people end up not facing identity theft, the pain of having to go through all these hoops, and worse, how hard it is to fix your credit and such if you have had your identity stolen (even some credit card companies, when there is fraud on a card, make it the cardholders fault, give them the third degree. Friend of mine had his credit card hacked, someone ordered 5 grand of audio equipment, had it shipped to north carolina, and the card company accused him of fraud, even though he lives in NJ, and they know who it was shipped to…he only got satisfaction when he called the state department of banking who told the issuing bank that if they found out this was policy, they would take them to court, that the breach was their headache, not the consumers). Old “Joe” (I loved that he signed his open letter as “Joe”, just made me feel warm and fuzzy) might share our pain, but he doesn’t, they will make big noise about caring about their customers, but in the end, he will feel very little pain, he will still get his pay and bonuses, as will the other executives including their head of information security and CTO, and will add the cost of the cleanup unto the premiums they charge (while saying it is because of frivolous lawsuits, people abusing insurance), and hope this will be forgotten. I read not long ago in I believe “The Economist” that business groups are pushing for legislation that will indemnify companies that have suffered data breaches…
Does anyone know if a mental health provider is compromised? I have a number of collegues who are on various Blue Cross panels. I am not but did put a freeze on all 3 credit companies after the Target deal.
Last week we received new credit cards from Capital One with a vague explaination that some of their customers had been compromised. The annoying thing, for us, is that now we each have our own number. It has been nice to have H return an item, for example, to a store and because our numbers were the same he could do that.
My biggest beef though /
is that I have to change the card on Amazon and Zappoes.
I just got off the phone with my homeowners insurance company. They are taking care of everything - notifying the credit bureaus and will be monitoring all our credit reports for fraud. It also includes coverage up to $25K with no deductible if something happens and they take care of replacing all documentation if needed, contacting your banks, etc.
There are also a few other things it covers - like protecting your keystrokes from being monitored, etc.
@emilybee, does this affect your homeowners’ premiums? i just callled my insurer and the agent said the breach so far didn’t affect HI but did affect a whole long list of other states, including states where our kids and we have had service! She didn’t really know any more than is on their health insurer website. UGH!