Hackers have stolen personal information relating to current and former customers and staff of no. 2 US health insurer Anthem Inc., after breaching an IT system containing data on up to 80 million people, the company said late on Wednesday.
Anthem, which has nearly 40 million customers in the United States, said it had reported the attack to the FBI and cybersecurity firm FireEye Inc. said it had been hired to help Anthem investigate the attack.
“We do confirm that this was done by an advanced group using custom malware,” said FireEye spokesman Vitor De Souza, noting that Anthem employees identified the breach, which was limited to a window of a few days. “We know across the board that when you do see something, you need to act fast”, which Anthem appears to have done, De Souza said.
Anthem said in a statement that names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data, had been accessed in what it described as a “very sophisticated attack”.
The breach did not appear to involve medical information or financial details such as credit card or bank account numbers, Anthem said, adding it immediately made every effort to close the security vulnerability, which was discovered last week.