Anthem Data Breach Affects Millions, China to Blame?

Anthem Inc., the second largest health insurer in the United States, recently announced that it was the victim of a massive theft of sensitive customer data, including Social Security numbers. It may be the biggest breach of customer information in recent memory: nearly 69 million people are currently served by Anthem and its affiliate companies. In its statement, Anthem acknowledged that every business unit was affected, but did not say how many customers were involved. Anthem also stated that all affected customers will be notified in writing once an extensive IT forensic investigation is complete. All that is known at this time, according to the official company statement, is that a "very sophisticated cyberattack" exposed the names, dates of birth, Social Security numbers, addresses, phone numbers, email addresses, and employment information of customers across every unit of the Anthem infrastructure. Note that medical records and credit card numbers are not on the list Anthem published, but the data that was taken is enough to impersonate a person, and unlike a card number a Social Security number cannot be reissued.

Although the forensic investigation is still ongoing, Bloomberg has already reported evidence that the Chinese government may have sponsored the attack. Much of the attack infrastructure has been traced to servers located in China, and an FBI bulletin goes so far as to point out similarities between this attack and a series of earlier intrusions by unnamed foreign actors seeking a way into the computers of a specific group of people, namely defense contractors and government employees. Attribution based on server location alone is weak, since attackers routinely route traffic through compromised or rented hosts in other countries; the stronger signal here is the overlap in tools and techniques that the FBI points to.

Like some other high-profile attacks, this attack seems to have been orchestrated by a group of hackers known as Deep Panda.

This group is believed to act in the strategic interests of the Chinese government; in other words, it is widely assessed to be a state-sponsored group that spies on organizations and individuals in other countries as a stepping stone into their governments. CrowdStrike, an IT security firm, has been tracking Deep Panda for about three years and has observed the group targeting strategic entities across the government, defense, telecommunications, legal, and financial sectors.


Deep Panda consistently infiltrates these institutions in search of specific targets, namely people in government positions who can be further exploited for information, especially information concerning the China/Asia Pacific region. That pattern fits a health insurer well: an insurer's records reveal who works for which employer, where they live, and how to contact them, which is exactly what an intelligence service needs to select and approach targets.

It is worth noting that Deep Panda has been known to rely on Adobe Flash zero-day exploits to infiltrate corporate networks. Although it may be unrelated to this breach, Adobe has released three emergency Flash patches in just the last two weeks to close zero-day vulnerabilities of the kind that groups like Deep Panda exploit. Whether or not Flash was the entry point at Anthem, a Flash player that is not on the latest version is an easy way in, so patching it (or disabling it in the browser where it is not needed) is a sensible precaution.

Although the exact number of customers affected by the Anthem breach is yet to be determined, it is easily in the millions, and those victims are exposed to identity theft and tax refund fraud. If you are a current or former Anthem customer, keep an eye on your credit report and bank accounts and report any suspicious activity immediately. Be equally wary of emails or phone calls claiming to come from Anthem about the breach: criminals routinely piggyback on incidents like this with phishing messages, and Anthem has said it will contact affected customers in writing rather than by email asking for personal information.


About the author:

Karolis Liucveikis

Karolis Liucveikis is an experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has over five years of experience in this field. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about the technical aspects and behavior of various malicious applications.

The PCrisk security portal is run by the company RCS LT. Its security researchers work together to educate computer users about the latest online security threats.
