Anthem Inc., the second largest health insurer in the country, recently announced that it was the victim of a massive data theft of sensitive customer information including Social Security numbers. This is by far the biggest breach of customer information to occur recently as nearly 69 million people are currently served by Anthem and its affiliate companies. In the statement issued by Anthem, the company acknowledges that all business units were compromised during the breach, but refrained from reporting how many customers are affected. Anthem also stated that all affected customers will be notified in writing pending an extensive IT forensic investigation. All that’s known as this time is that a “very sophisticated cyberattack” was able to expose the names, dates of birth, Social Security numbers, addresses, phone numbers, email addresses, and employment information of customers in every unit of the Anthem infrastructure, according to the official company statement.
Although a forensic investigation is still ongoing, Bloomberg researchers have already reported evidence that the Chinese government may have sponsored the attack. Most of the network exploitation techniques originated from servers located in China and an FBI bulletin goes so far as to point out similarities between this attack and a series of attacks carried out by undisclosed foreigners seeking a way into the computers of a specific group of people; namely defense contractors and government employees.
Like some other high-profile attacks, this attack seems to have been orchestrated by a group of hackers known as Deep Panda.
This group has strong ties to the strategic interests of the Chinese government; in other words, it is a group funded by the Chinese government to spy on the citizens of other countries in an effort to infiltrate the government. CrowdStrike, an IT security firm, has been following Deep Panda for about three years and has monitored this band of hackers while targeting strategic entities including sectors of government, defense, telecommunications, legal, and financial institutions.
Deep Panda consistently infiltrates these institutions in search of specific targets: namely those with positions in government who can be further exploited for information (especially that which deals with the China/Asia Pacific region).
It’s worth noting that Deep Panda has been known to rely on Adobe Flash zero-day exploits to infiltrate corporate networks and although it may be unrelated, Adobe has released three emergency Flash patches in just the last two weeks to address the very vulnerabilities used by hacking groups like Deep Panda.
Although the exact number of customers affected by the breach at Anthem is yet to be determined, the number is easily in the millions and those victims are susceptible to identity and/or tax fraud. If you are a current Anthem customer, keep an eye on your credit report and bank accounts and report any suspicious activity immediately.