Request Legal Help Now - Free

Advertisement
LAWSUITS NEWS & LEGAL INFORMATION

Increasingly Savvy Hackers Snatched Billions of Dollars in Data

. By
Seattle, WACyber thieves slipped through an unlocked door somewhere in the Anthem computer system and made off with the personal data of up to 80 million people. That number includes the health care provider giant’s past and current clients as well employees.

According to Joseph Swedish, Anthem’s CEO, the cyber thieves accessed home addresses, e-mail addresses, client names, birth dates, as well as social security numbers and health care information.

“Cyber criminals are becoming more sophisticated every day,” says Craig Spiezle, the executive director of Online Trust Alliance (OTA).
“They gather data like marketing companies do. They collect and append data from multiple sources, and the more information they have about an individual, the more valuable it becomes.”

Hackers often walk right into the system. They use “social engineering” to gain access to the company. They find out the systems administrator’s e-mail and then fake an internal e-mail asking the administrator to open certain files.

“They may ask that person to open up a pdf of the current financial plan saying they would like to get some feedback,” notes Spiezle. “That is social engineering,” he says. “More and more often we are seeing these malicious entries coming from a typical phishing e-mail.”

Then, bang. They’re in.

“The information they gather is often traded and sold in the underground economy,” explains Spiezle. “They may have credit card numbers stolen from Target or Home Depot that they can trade and match up with health care information, employment histories. It becomes very valuable.”

Hackers can use the information to file false tax returns, obtain new credit cards and steal identities - in addition to an almost endless list of nefarious activities that could damage the individuals whose information has been snatched.

At least 40 class-actions lawsuits have been launched against Anthem, which happens to be the second largest health care provider in the US.

In Denver, Colorado, attorney Patrick Peluso from Woodrow & Peluso, LLC has launched a putative class action on behalf of woman from the state claiming breach of contract. “Our case alleges that Anthem’s privacy policies and its website explicitly say they will protect people’s personal information and they didn’t,” says Peluso. “The early reports are that its internal data was not encrypted and that it did not have a two-step authorization system in place.

“We argue that people overpaid for their premiums as a result of Anthem not protecting data the way it said it would,” says Peluso. “People would not have paid the premium price if they had known their social insurance numbers, and other types of data, were at risk.”

Litigators at Hagens Berman have also launched a class-action suit on behalf of an Anthem client.

In a press release, Hagens Berman partner and former cyber security prosecutor, Thomas Loeser, pointed to a failure to encrypt internal data as the problem at Anthem.

“We consider this the smoking gun of this investigation. Anthem knew the importance of encryption, as it encrypted data that was sent outside of its databases. But it did not take this basic step for data that it kept within its systems, leaving vulnerable a gold mine for cyber criminals,” he was quoted as saying.

Loeser believes that Anthem’s trove of hacked data, particularly because it contains multiple sources of data for each individual, could be worth up to $20 billion in the shady world of cyber theft.

“I don’t know exactly what happened yet in Anthem’s case,” says Spiezle. “Companies are trying to do a better job, but there is no excuse for negligence either.

“Think of these companies like big ships,” says Spiezle. “Someone opens a window, the ship begins to take on water and sinks.

“The first question we always need to ask is did the company have good defenses in place?” he says. “Then we ask what did they do to detect the problem and what did they do to contain it?”

Spiezle, who recently attended the White House Cyber Security Summit, where business and government agreed to continue working together to put the brakes on cyber theft, says cyber security requires a “holistic approach.”

“Security has to be everyone’s job,” says Spiezle.

READ ABOUT DATA BREACH LAWSUITS

Data Breach Legal Help

If you or a loved one have suffered losses in this case, please click the link below and your complaint will be sent to a financial lawyer who may evaluate your Data Breach claim at no cost or obligation.

READER COMMENTS

Posted by

on
I don't know yet...They have already contacted me about the theft and giving us two years of protection and monitoring service, but I see where they probably got my information on Blue Cross of Arizona, and Caremore before that. The problem is, it's like a Time Bomb, not knowing when with all the information they have, and my great credit rating, where it's going to hit. I guess I could lock my credit up, but will that effect my current Credit cards? Loans? I just don't know..

ADD YOUR COMMENT ON THIS STORY

Please read our comment guidelines before posting.


Note: Your name will be published with your comment.


Your email will only be used if a response is needed.

Are you the defendant or a subject matter expert on this topic with an opposing viewpoint? We'd love to hear your comments here as well, or if you'd like to contact us for an interview please submit your details here.


Click to learn more about LawyersandSettlements.com

Request Legal Help Now! - Free