Three weeks ago, when the Anthem health insurance company first admitted that hackers had successfully breached a database holding certain customer records, initial estimates suggested that about 80 million current and former Anthem customers were affected.
Yesterday the company released more details about the hacking, and the news is both better and worse than initially feared. The actual number of affected people is slightly lower than estimated: 78.8 million. (By way of comparison, in 2014 the U.S. had an estimated total population of 314.9 million, so the Anthem hack affected slightly less than 1 out of every 4 people in the United States.)
However, those 78.8 million people are not limited to current and former Anthem policyholders: the company also said that up to 19 million of those records were from people enrolled in “non-Anthem plans.”
The stolen information includes people's names, Social Security numbers, dates of birth, home addresses, email addresses, and phone numbers, which Anthem had never encrypted. It's believed that the hacker or hackers only needed to steal a single password to gain access to all that information. However, Anthem says that no medical, banking or financial information was made available to the hackers.
FBI is "close"
Also on Tuesday, the head of the FBI's Criminal, Cyber, Response and Services Branch said that the Bureau was “close” to identifying the Anthem hackers, but would not name names until it was absolutely sure. FBI agent Robert Anderson told reporters that “We’re close already, but we’re not going to say it until we’re absolutely sure.”
Earlier this month, when news of the Anthem hacking was still only a couple of days old, security investigators speaking anonymously suggested that the hackers might be connected to the Chinese government. But when discussing possible culprits on Tuesday, Anderson said, “I don’t know if it’s China or not, by the way.”