Home Depot. Target. Sony. It seems data breaches are on the rise and the most recent hack into Anthem's computer network may have compromised as many as 80 million customers. It appears credit card or medical information was not the target, and names, birthdays, social security numbers, street addresses and employment information (including income data) were obtained.
Anthem is the country's second largest health insurance company and the parent company of Blue Cross Blue Shield, Amerigroup, Caremore, Unicare, Healthlink and DeCare. The company is still trying to determine how many customers may have been affected and will offer credit monitoring and identify protection services free of charge.
This news comes as Intuit's TurboTax, the nation's largest seller of tax preparation software, announced Friday that it would begin accepting electronic submission of state tax returns after taking a 24-hour pause to beef up security measures due to reports of taxpayers in a number of states logging in to submit their state tax returns to discover that some had stolen their identity and already filed in their name. It is reported that a third-party security expert found the fraudulent activity did not result from a breach of Intuit's system. The company says the information used to file fraudulent returns was obtained from other sources outside the tax preparation process. There have been no reports of federal filings being affected. Both the IRS and states have sophisticated software to detect and prevent identify theft, but it seems no system is perfect.
With people on edge, due to all of the recent data breaches and fears of fraud, this is a prime time for scammers using "phishing" emails to trick consumers into sharing personal data. These "fake" emails appears to be from a legitimate company asking their customers to log into their accounts to verify or update your information to protect their data or often offering free credit monitoring services by clicking on a link that asks for personal data. Phishing comes in a variety of forms such as "Immediate Action Needed", "Update Notification", etc. Since companies do send out legitimate emails to their customers for these purposes it's often hard to decipher what is legitimate and what is a scam.
Virtually everything is electronic these days and cybersecurity has become a massive issue. Lawmakers are currently debating legislation to require companies to notify customers within a set time period when their information has been exposed through a breach in security. The legislation would also create nationwide data security standards. The effort to pass a federal data breach bill has received more momentum with recent high-profile data breaches at companies like Home Depot and Target. And, the recent cyberattack on Sony Pictures Entertainment has certainly brought more attention to this issue.
Even President Obama, in his State of the Union address, has called for a uniform national data breach notification standard. This should certainly be a top priority for our new Congress. While notification laws deal with what happens after a data breach, the National Retail Federation (NFR) has has been working on a range of proposals intended to improve credit and debit card security and avoid breaches. NRF has insisted that new credit cards being issued this year should require use of a secret personal identification number in addition to a computer microchip, and supports other options including retailers storing only authentication codes rather than card numbers.
With potentially 80 million Anthem customers affected in a country with a population of 318 million, 25% of Americans may have been exposed in this most recent hack. Now is the perfect time to take a look at your company's exposure.