Anthem data breach monitored; consumers urged to sign up for credit freezeby Indiana Attorney General on February 6, 2015
INDIANAPOLIS – In light of the data breach at Anthem Inc. affecting the personal information of millions of people – including the company’s health insurance customers and employees – the Indiana Attorney General’s Office has been in communication with senior officials at the company and is monitoring the situation to ensure that consumers are properly notified.
“Companies that hold consumers’ personal information have an especially important obligation to protect that stored data from theft or intrusion. The Office of the Indiana Attorney General as the state’s consumer protection agency will continue to monitor this situation in conjunction with our law enforcement colleagues with an emphasis on putting consumers first, providing tools to protect their identities and credit and addressing their concerns,” Indiana Attorney General Greg Zoeller said.
The Identity Theft Unit of the Attorney General’s Consumer Protection Division today offers answers to frequently asked questions about the Anthem Inc. data breach:
Q. What should Anthem consumers or employees whose personal data might have been breached do to deter identity theft or fraud?
A. Affected Hoosiers are encouraged to visit the AG’s Office’s web site,www.IndianaConsumer.com and scroll down to “Identity Theft and Security Breaches” in order to sign up for a free credit freeze with each of the three credit bureaus, Equifax, Experian and TransUnion. Registering for a credit freeze will prevent a fraudster from taking out a line of credit in your name without your permission; and you can easily lift the credit freeze at any time if you do wish to apply for new credit or a loan. The credit freeze will allow you to continue to use your existing credit cards as normal in the meantime. The free credit freeze sign-up page is also directly accessible at this link: http://www.in.gov/attorneygeneral/2891.htm.
Q. In addition to the credit freeze on the AG’s Office web site, are there other steps consumers should take to protect themselves against identity theft as a result of this data breach?
A. Whether or not consumers are victims of identity theft, we urge all Indiana consumers to take advantage of the credit freeze offered as a free service by the Attorney General’s Office to help protect their credit and identity. The credit freeze and accompanying information can be found at www.indianaconsumer.com along with consumer tips about preventing identity theft and fraud.
Q. What warning signs or red flags should current or former Anthem/WellPoint policyholders look for that might indicate their identities have been stolen?
A. If consumers receive a debt collection letter for an unfamiliar debt, or have a credit application rejected when they have a strong credit rating, or receive a credit or charge card that they did not apply for, there is a strong possibility that a consumer has been the victim of identity theft. If identity theft occurs, then consumers should file an ID theft complaint with the Attorney General’s Office. A complaint form can be accessed at www.indianaconsumer.com orhttps://indianaattorneygeneral.secure.force.com/IDTheftComplaintForm. Consumers who suffer identity theft also should make a police report to their local police department or sheriff’s department.
Q. Has the Attorney General’s Office received any consumer complaints of possible identity theft or fraud that appear connected to this data breach?
A. As of Feb. 5, the Consumer Protection Division has not received any identity theft complaints specifically related to the Anthem data breach. Our office is continuing to monitor the developing situation.
Q. Is there any need for Anthem policyholders to contact the Attorney General’s Office as a preventive measure if they do not already have indications of identity theft?
A. No, other than to apply for the free credit freeze previously mentioned.
Q. Does the Attorney General’s Office know where the cyber attack against Anthem originated or whether the breached data is being sold?
A. Neither the cyber hackers nor their intended purpose have been identified so far as we are aware. The Federal Bureau of Investigation is investigating, and the Indiana Attorney General’s Identity Theft Unit will assist our counterparts in law enforcement as needed.
Q. There have been several large data breaches in recent years at retailers and other large companies. Is the Attorney General’s Office pursuing any changes going forward?
A. Yes. In recent years, the Attorney General has recommended -- and the Legislature has passed -- updates to Indiana’s laws involving, identity theft, data security and customer notification in order to better protect consumers. Laws must be periodically updated as cyber-criminals become more skillful and innovative in their data-stealing tactics. In the 2015 session of the Legislature, Attorney General Zoeller has recommended that legislators pass Senate Bill 413. Among other things, SB 413 would require online operators to store consumer or financial data securely, delete or not retain data beyond what is necessary for business purposes, and share or sell data only when authorized by law or when consumers are informed in advance. The bill also would require more prompt and informative notification of affected consumers so they can take action to protect themselves in case of a data breach. SB 413 is currently assigned to a Senate committee and awaits a hearing.
NOTE: More information and consumer tips related to the Anthem Inc. data breach will be provided by the Attorney General’s Identity Theft Unit as it becomes available.