I wrote yesterday about Anthem’s recent data breach and the personal email I received from Joe, Anthem’s president. At the time I wrote:
I don’t believe safeguarding my info was important to you.
Good guess on my part! The Wall Street Journal discovered all our personal data was kept in the computer equivalent of a metal box under the bed.
Anthem Inc. stored the Social Security numbers of 80 million customers without encrypting them, the result of what a person familiar with the matter described as a difficult balancing act between protecting the information and making it useful.
For Anthem it meant the data was easier to access. Anthem wasn’t the only party that benefited.
Because the data wasn’t encrypted, it would be easily readable by hackers. The company believes a hacker group used a stolen employee password to access the database.
That makes Anthem’s declaration seem misleading at best.
Anthem was the target of a very sophisticated external cyber attack.
Not only isn’t using a stolen password a “very sophisticated attacked,” it’s not sophisticated at all. It’s the most common vector of entry for computer hacking. As far as I see, Anthem had no protection here at all.
Here’s another case where the safety of users has been compromised in what surely was a financially based decision. It’s Friday and I hate Anthem more than I did yesterday.