Here are some questions and answers about the huge data breach at Anthem, the nation’s second-largest health insurer.
Q What happened?
A Hackers stole data on up to 80 million current and former Anthem health care customers, including names, birth dates, Social Security and medical ID numbers, email addresses, street addresses, telephone numbers and employment data , including income. Credit card and medical data are not believed to have been affected.
Q Why do I care?
A Breaches of data that include your name, Social Security number and date of birth can lead to fraudsters using that information to open accounts, seek services or take jobs in your name.
Q What is “spear phishing,” and why should I be afraid of it?
A “Spear phishing” means using your name and other personal data together to tailor bogus mail, email, texts, automatic phone calls or live calls to you, aimed at making you believe you’re talking to a business or other entity you trust. Fraudsters might use this familiarity to trick you into giving them your passwords or even sending them money; some “spear phishing” communications look like invoices from businesses you patronize.
Arrrgh! How can I protect myself?
1.) Keep your wits — be extremely skeptical of anyone trying to get additional personal information, passwords or payment from you.
2.) Anthem said it will be offering the victims of the breach credit monitoring and personal identity protection services in the coming weeks, but its FAQ on the hack doesn’t include details. You can take action now by contacting one of the three credit reporting agencies — Experian, Equifax or TransUnion — to request a fraud alert. (When you request it from one bureau, it will notify the other two for you.) Your file will be flagged as a possible fraud victim so creditors should take additional steps to verify your identity before extending credit. The federal Fair Credit Reporting Act lets you place an initial alert for 90 days, which is renewable for 90-day periods indefinitely. You can cancel the fraud alerts at any time.
Here are some numbers and websites:
Equifax fraud department: 888-766-0008 http://bayareane.ws/ExperianAlert
Experian fraud department: 888-EXPERIAN (888-397-3742) http://bayareane.ws/ExperianFraud
Trans Union fraud department: 800-680-7289 http://bayareane.ws/TransUnionFraudAlert
If you do become an identity theft victim, you can get an “extended fraud alert” that stays in effect for seven years.
Equifax extended fraud alert: http://bayareane.ws/EquifaxFraudAlert
Experian extended fraud alert: http://bayareane.ws/ExperianExtendedAlert
TransUnion extended fraud alert: http://bayareane.ws/TransUnionExtendedAlert
3.) Once you’ve established the fraud alert, you’ll get a follow-up letter from each credit bureau explaining how you can order a free copy of your credit report. DO IT, then check carefully for any sign of fraud such as credit accounts that aren’t really yours. Also, check that Social Security numbers, addresses, phone numbers and employment information are correct. Every consumer can get one free credit report every 12 months from each of the three bureaus, over and above the report that you can request upon establishing a fraud alert. And California law lets you get one free report each month for the first 12 months upon request.
4.) Consider requesting a security freeze, which is stronger than a fraud alert because it prevents anyone from accessing your credit file until and unless you authorize the credit bureaus to release your report. This might be inconvenient if you will be applying for new credit, renting an apartment, or seeking a job involving a background check, because you will have to lift the freeze on your credit file for these situations. Generally, you can ask that it be lifted for a certain period of time, or for a specific creditor. There may be a small fee to place and/or lift the freeze; in California, it’s free to identity-theft victims.
Equifax security freeze: http://bayareane.ws/EquifaxFreeze
Experian security freeze: http://bayareane.ws/ExperianFreeze
TransUnion security freeze: http://bayareane.ws/TransUnionFreeze
For more information on security freezes: http://bayareane.ws/CreditFreezeInfo
What if I find evidence that I’m a victim of credit fraud?
Report it immediately by writing to the credit bureaus and the credit issuers, following instructions provided with the credit reports. The Federal Trade Commission provides a sample letter for requests that bogus accounts be removed: http://bayareane.ws/FTCIDTheftInfo. In all communications with the credit bureaus, refer to the unique identification number assigned to your credit report, and send all mail items certified with return receipt requested. Be sure to save all credit reports as part of your fraud documentation.
What if someone uses my Social Security number to get a job or other benefits?
Call the Social Security Administration at 800-772-1213 or visit a local Social Security office. Keep records of the times and dates on which you made calls or sent letters, and keep copies of letters in your files.
What if someone uses my name or health insurance number to see a doctor, get prescription drugs, file insurance claims or get other care?
Use your right under federal law to request copies of your medical records, and check them for errors or fraud. In each case of possible fraud, contact each doctor, clinic, hospital, pharmacy, laboratory and health plan; for example, if a thief got a prescription in your name, ask for records from the health care provider who wrote the prescription and the pharmacy that filled it. You may need to pay for copies of your records. Keep copies of your postal and email correspondence, and a record of your phone calls, conversations and activities with your health plan and medical providers.
If your provider refuses to give you copies of your records, appeal to whomever the provider lists in its Notice of Privacy Practices, the patient representative, or the ombudsman. If the provider refuses to provide your records within 30 days of your written request, complain to the U.S. Department of Health and Human Services’ Office for Civil Rights: http://bayareane.ws/HIPAA .
How can I find out more about whether my information was stolen from Anthem?
Anthem will share information on the breach at www.anthemfacts.com, and current and former members can call 877-263-7995 with questions.
