Anthem Inc., the second largest U.S. health insurer, said Wednesday that its computers were hacked and data on some 80 million customers and employees may have been exposed.
“Anthem was the target of a very sophisticated external cyber attack,” the company said in a letter to its members. “These attackers gained unauthorized access to Anthem’s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.”
It said that there’s no evidence that credit card or medical information – such as claims, test results or diagnostic codes – were targeted or compromised. There was no word on how the hackers got in or who may be responsible.
The FBI said tonight that it’s aware of the Anthem intrusion and is investigating the matter. “Individuals contacted by the company should take steps to monitor and safeguard their personally identifiable information and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at www.ic3.gov,” the agency said in a statement.
The FBI praised Anthem for notifying them right away of the hack. “Speed matters when notifying law enforcement of an intrusion, as cyber criminals can quickly destroy critical evidence needed to identify those responsible. Rapid notification allows the FBI to quickly deploy our cyber experts to preserve evidence and work with a company’s incident responders to help them remediate their networks and rid their systems of harmful malware.”
Anthem said once it dicovered the attack, it “immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation,” the company said. “Anthem has also retained Mandiant, one of the world’s leading cybersecurity firms, to evaluate our systems and identify solutions based on the evolving landscape.”
Joseph R. Swedish, CEO of Anthem, said associates’ personal information, including his own, was accessed during this security breach.
“We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” he wrote.
Anthem said it will individually notify current and former members whose information has been accessed as well as provide credit monitoring and identity protection services free of charge so that those affected.
Anthem offers Blue Cross Blue Shield plans in California, New York and 12 other states.With reporting by ABC News’ Mike Levine.