Anthem Insurance Company, the second largest in the United States, was the target of a cyber attack, hackers managed to steal personal data for many former or current clients and employees of the company, reports Reuters. Anthem announced Wednesday that hackers broke into an IT system which contains data for up 80 million people. Anthem has about 40 million customers in the United States.
The company said were stolen data to a unknown number of its current and former clients, including social security numbers, date of birth, addresses and email addresses, as well as details on salaries, adding that the reported attack US Federal Bureau of Investigation (FBI) and IT security companyFireEye Inc. was employed to investigate the attack.
“We do confirm that this was done by an advanced group using custom malware,” said FireEye spokesman Vitor De Souza, noting that Anthem employees identified the breach, which was limited to a window of a few days.
“We know across the board that when you do see something, you need to act fast”, which Anthem appears to have done, De Souza said.
Anthem said in a statement that, including income data, had been accessed in what it described as a “very sophisticated attack”.
“That information is a treasure trove for cybercriminals. It can easily be sold on underground markets within hours and used for a wide variety of identity fraud schemes,” said Stuart McClure, chief executive of cybersecurity firm Cylance Inc.
“This attack is another reminder of the persistent threats we face, and the need for Congress to take aggressive action to remove legal barriers for sharing cyber threat information,” U.S. Rep. Michael McCaul, a Republican from Texas and chairman of the Committee on Homeland Security, said in a statement late Wednesday, according to Reuters.