Q & A: Anthem’s Data Breach And What You Need To Know

Q: I keep hearing about Anthem being a hacking target. What happened and am I at risk?

A: Anthem Inc., the second-largest health insurer in America, was targeted in a major security breach over the last month. New reports suggest hackers have been trying to compromise the company’s systems for months and may have been inside their system since December. According to the company, 80 million Anthem customers may have had their names, Social Security numbers and addresses compromised.

This is a unique event in the recent history of cybersecurity. Previous hacks, like those affecting Home Depot or Target, were attacking hardware. Hackers were exploiting vulnerabilities in computer hardware and software to gain access to confidential data. Here, the company is reporting that hackers had a different target: company employees.

Anthem reports that, beginning in December, hackers acquired login credentials of five employees. The employees could have been victimized by malware or social engineering scams. The hackers trying to beat Anthem didn’t need to find a flaw in the computer infrastructure. Instead, they just had to find a weakness in the people operating those systems.

Once they had these credentials, hackers used their access to do two things. First, they breached the company databases. Once inside, they exposed addresses, dates of birth, employment history, employment information, income data, medical ID’s, names and Social Security numbers. Particularly noteworthy is the fact that payment information was not compromised. That means there’s no need to cancel credit cards that were used to pay Anthem bills yet. Second, hackers created a number of phony email accounts with Anthem domains.

There are two ways victims might be affected by this scam. First, they might have their personal information stolen. This group exclusively consists of current and former Anthem customers. Given the timing of the hack, this will likely result in a fraudulent tax returns and possibly other instances of identity theft.
The second wave of victims is only just now emerging. The fake email accounts have been used to send wave after wave of “phishing” attacks to Anthem customers. These attacks take the form of an email apology with an offer for a year of free credit monitoring. Recipients of the email are redirected to another website to enter their Social Security number and other personally identifying information. This information is then used to commit any of a smorgasboard of identity theft crimes.

Anthem is currently being sued in several states. One lawsuit alleges current and former Anthem subscribers were misled about the security of their personal information and is seeking unspecified damages from the provider in overpaid premiums. Another pending lawsuit is seeking damages resulting from the frauds themselves. Until these lawsuits are settled, Anthem will likely not make any public statement of responsibility or apology, as this could be viewed by the courts as an admission of guilt. At this time, Anthem is offering no free credit monitoring service nor has it made any statement to members outside the press.

If you’re an Anthem subscriber, there are a few steps you should take as soon as possible. To find out if you’re an Anthem subscriber, check your insurance card. If you’re part of a group plan at work, you may need to ask your HR representative if your plan is administered through Anthem. In the meantime, take these three steps.

1.) File your taxes.

This will be one way to check if your Social Security number has been compromised. The state of Connecticut is encouraging their citizens to file early if they’re Anthem customers so hackers using stolen Social Security numbers will be easier to detect.

2.) Put a fraud alert on your credit report.

Contact any one of the three major reporting bureaus (Experian, Equifax, or Transunion) and explain your worries. A fraud report on one account will create a fraud report on all three, so there’s no need to duplicate your efforts. This report will notify you if anyone attempts to open an account in your name during the next 90 days. If you’re absolutely sure your number has been compromised, it might be worth putting a freeze on your credit history. This will prevent anyone from checking your credit or from opening up any account in your name, including you. While drastic, this measure is a sure-fire way to keep yourself safe.

3.) Get proactive with government services.

Notify the Social Security Administration and the Internal Revenue Service of the possible fraud to ensure that no one attempts to file a change of address form in your name. The US Postal Service also maintains a similar service. These steps will ensure that you’ll at least get a paper trail if someone makes an attempt to steal your identity.

Anthem is maintaining a toll-free question line.  Customers with concerns or fears should call 877-263-7995.  They have also created a website – www.AthemFacts.com – with up-to-date information about he scope and severity of the breach.  They have made it clear that future contact with customers affected by the breach will be made by mail. 

Remote Deposit Applications: The Convenience Of The Future, Today!

Imagine you’re talking to someone who’s been in a coma for 20 years. They see

you pull a device out of your pocket or purse that is more powerful than the biggest, fanciest computers from the last time they were conscious. What’s more, it’s got a GPS, a digital camera and enough storage capacity to fit the Library of Alexandria on it hundreds of times over. The smartphone has been a technological revolution, and it’s slowly becoming the way more and more of us handle most of our affairs.

It’s really no surprise, then, that smartphones are the way people in this dazzling science fiction future do even basic things like depositing checks. Yes, remote deposit applications are becoming more common and offered by more financial institutions every day. With the passage of the Check Clearing for the 21st Century Act (AKA: “Check 21”), financial institutions are quickly moving toward a world of digital checking. Thanks to the Act, a digital image of a check is now a legally binding document, just like the check itself. This change is what opened the door to direct deposit from your pocket. 

Here’s how the system works. Someone writes you a personal check. You take a picture of the front and back of the check with your smartphone using the app provided by your credit union. The app on your phone then transmits the images to your credit union, which can immediately deposit the check into your account.

Everyone who works with checks can stand to benefit from remote deposits. Small businesses can take personal checks without a waiting period, enabling them to take more forms of payment from more people. Busy workers can deposit paychecks without having to race the clock to make it to their institution before closing time. Consumers can quickly and securely transfer funds to their savings.

Institutions also benefit from the efficiencies that are gained by offering by remote deposit. Paper checks have to be scanned and processed by hand, which takes lots of labor hours. Remote deposit takes considerably less time, allowing financial institutions to keep costs lower and pass the savings onto members through better rates and other programs.

The one downside for consumers is the absence of “float.” Typically, it takes checks a day or so to be processed. So, writing a paper check might give a consumer a little time to get the money together and put it in the bank. Because remote deposit works much faster, the “floating” period, the time between when a check is written and when it’s deducted from the account, is much shorter. “Floating” a check like this is illegal and can cost a fortune in fees, fines and penalties. It’s a bad practice even when it is possible.

Concerns over security are largely unfounded. While the remote deposit application does make it possible to deposit the same check twice, unique check identifiers make this process very easy to detect. One Kentucky man attempted to operate such a con with Western Union money orders and managed to defraud Kroger grocery stores of $12,000 before he was caught days later. The money was returned and the perpetrator went to jail. Realistically, the same concerns exist with photocopied paper checks, a problem that barely registers in the minds of most security experts. In fact, data clearinghouse EasCorp estimates that many more of these “double-deposit” incidents are simple accidents rather than complex frauds.

Conversely, remote deposit may be a way to stop an under-reported style of check fraud known as check kiting. In a kiting scam, a criminal writes a check with insufficient funds from one account, then writes another check from a different account, also one with insufficient funds, to cover the first check. Because paper checks typically take a day or two to process, these “floating” checks are never returned for insufficient funds and the scammer gets away with the balance of the first check. Thanks to the nearly instantaneous return of mobile deposit checks, this kind of fraud is much more difficult, if not impossible.

Worries about data theft or other hacking can also be put to rest. Cellphone data encryption is the same as the encryption for any other Internet service. Check images are no more likely to be stolen from a cellphone than they are from a check clearinghouse after a paper transaction. There’s nothing unique about cellphone data that makes it easier to steal.

Taking reasonable precautions with remote deposited checks will make life considerably easier. If you choose to take advantage of remote deposit, keep the check for a brief period after your remote transaction – no more than 7 days. This holding period is to ensure the image was of sufficient quality for every institution in the chain and that there are no issues with processing. Once that period passes, clearly mark the check as deposited and shred it. This could be quite a bit of paperwork if you’re a small business owner who takes a lot of checks. But if you just want to use it for your paycheck, it shouldn’t be too hard to keep up.

Remote deposit isn’t just the future of mobile banking, it’s already here. And it’s an exciting time for it. If you’re one of the 45 million people who take advantage of smartphone banking services, you should be excited about remote deposit, too. It won’t change your life, but it will make a lot of your transactions easier, faster, and safer than ever before.

If you want to access remote deposit to Destinations Credit Union, download the Sprig for Co-Op application from the Google Play Store or iTunes Store.