Anthem hack puts at least 8.8 million NON-customers at risk

It’s bad enough when a company you are doing business with gets hacked, and your personal information is exposed.

But it’s even more annoying when a company that you have no relationship with suffers a serious data breach by hackers, and your details *still* get exposed.

That’s the ghastly scenario being faced by at least 8.8 million people, who until yesterday probably imagined (quite understandably) that they were not going to be affected by the hack of Anthem Inc which made headlines around the world earlier this month.

As reported at the time by We Live Security, determined hackers appear to have gained access to the names, birthdays, social security numbers, street addresses, email addresses and employment data of almost 80 million customers and employees of the second-largest health insurer in the United States.

Back then, Anthem was criticised by ten US states for being too slow in notifying customers that their data had been exposed.

But what wasn’t known until now is that an additional 8.8 to 18.8 million people who were not Anthem’s customers could also be victims.

Anthem Blue CrossThe reason is that the breached Anthem database didn’t just include the details of customers of Anthem-run Blue Cross Blue Shield healthcare plans, but also for customers of Blue Cross Blue Shield plans run by independent firms across the country where Anthem doesn’t have a presence.

Anthem runs Blue Cross Blue Shield healthcare plans in 14 US states (California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, Ohio, Wisconsin, and parts of New York and Virginia). But a further 37 partner companies cover an additional 105 million people under the Blue Cross Blue Shield license outside those territories, in states such as Texas, Florida, and Minnesota amongst others.

All in all, it’s pretty upsetting news for those affected – especially if they imagined they would have been immune from the Anthem breach because they weren’t an Anthem customer.

The one piece of good news is that Anthem still does not believe that any financial or confidential health information was accessed.

Anthem, which used to be known as WellPoint, says it will provide free credit monitoring and identity protection services to customers whose data was compromised.

More details can be found on, a website set up to deal with the aftermath of the hack. Alternatively you can call 877-263-7995, a toll-free number established by Anthem.

If you are concerned by the Anthem hack, be sure to check out our five defensive tips.

Author Graham Cluley, We Live Security

Follow us

Copyright © 2016 ESET, All Rights Reserved.