As expected, I got the “We’re Sorry” message from Anthem.
Honestly I’d rather have them pony up the money for two years on my existing LifeLock membership rather than someone I’ve never heard of.
At least the credit fixing service is based in Texas and not offshore. I note that the product Anthem is signing us up for is identity repair, NOT identity theft monitoring. Since there are a lot of children who were covered under Anthem policies, two years of repair is next to useless since children are unlikely to know that their identities have been compromised for possibly decades.
I have no children to protect in this situation; I mention it because the hot ticket in ID theft today isn’t adults, it is in fact children. The crime goes unnoticed for years and by the time a child or their parents figure out something is amiss it’s a Sisyphean task to correct the damage.
It’s my opinion that this email and Anthem’s 2 year plan are nothing more than corporate hand waving to make it look like they’re taking responsibility for their carelessness, and that they’re taking corrective action.
I strongly suspect that the measures Mandiant suggests will be deemed as “Too Costly” especially when it’s far cheaper for them to say “We’re sorry” and pay for credit repair that most people won’t take advantage of.
My suspicion is based on experience with large corporations, as an employee and as a victim of ID theft.
As an employee I’ve sat in meetings where cyber security was discussed and watched executives choose to risk private data (Credit, SSNs, Addresses, Phones, credit ratings, you name it…) because a breach was less expensive to deal with than spending the money on infrastructure upgrades. The infrastructure has to be constantly upgraded and results in a year over year line item on the budget, whereas a breach is a “one time” expense and since it’s technically a “loss” it’s apparently got a more favorable tax position.
Ironically, the same company then lost an HR laptop that contained the whole employee database. We’re talking thousands of employees worldwide and that database residing on a laptop was in violation of the policies and procedures of the company. Once again the response was, “We’re sorry” we’ll pay for credit repair and monitoring.
Every time I hear of another data breach and the inevitable “We’re Sorry”, I can’t help but see the South Park episode where the oil company drilling has opened a dimensional portal and allowed Cthulhu access to Earth and ushered in 1000 years of darkness…
I didn’t include the whole memo from Anthem; it was pointless.
Bottom line is that in addition to the three or four companies that I worked for and who allowed my data to be stolen, and the couple of banks where my information has been stolen, now my data has been stolen from an insurance company. They say they don’t believe my health records or my credit information have been stolen, but they’re less than convincing about it.
When I couple their data breach with the sudden uptick in healthcare related SPAM I have to wonder.
My SPAM filters have been getting one hell of a workout since Dec 1 2014. I thought it was the usual bullshit running up to Christmas, but now I’m thinking it’s because of the Anthem breach. Probably the quickest turn on the hack was to sell email addresses.
That would buy time for further analysis and allow full IDs to be pulled from the data, packaged and sold. I have no doubt that every single one of the records stolen from Anthem is already in China, Russia, or Mexico and that there are a ton of counterfeit me’s running all over the place.
The NSA doesn’t have to spy on us, they can buy all the information they’d ever want on the open market.
Between Google and data breaches, I’ll bet the NSA is considering closing their sophisticated data monitoring centers. Think about the savings!
Yeah, I’m pissed.
Anthem screwed me due to ACA, Anthem screwed me for an entire year of insurance that was almost completely useless, and now Anthem has screwed me again, only this time the screwing will last for years.
I’d honestly like to see their assets redistributed to all of us that they’ve hurt in various ways.
Maybe then banks, insurance companies, the government, and various other businesses would take data security seriously.
Update March 8, 2015
Almost two weeks later, the Los Angeles Times published a more in-depth Op-Ed that makes many of the points I did in my post. They wrote their article with only slightly less snark than I did.