After learning of a data breach affecting nearly 80 million customers of insurer Anthem Inc., Attorney General Peter F. Kilmartin is warning Rhode Islanders who may be affected.
Attorney General Kilmartin has sent a letter to Anthem Inc. asking for additional information about the breach and what, if any, impact it will have on Rhode Island consumers. He also reminded the company that under Rhode Island General Law § 11-49.2-3, any agency or business, whether Rhode Island-based or not, must notify residents of Rhode Island whose information or identities may be compromised by a security breach in the most reasonable time possible and without unreasonable delay.
Anthem Inc. is the parent company of Anthem Blue Cross and Blue Shield in Connecticut. The Blue Cross and Blue Shield System consists of 37 independently operated Blue Cross and Blue Shield member companies. Blue Cross Blue Shield of Rhode Island (BCBSRI) and Anthem Inc. are separate and distinct companies, though through various collaborative agreements some information on members could have been affected. At this time, it is not known whether any BCBSRI members are impacted by the Anthem breach. However, if consumers have received medical services in a state where Anthem operates, their data may be affected.
Anthem has confirmed that the company was the target of a sophisticated external cyber attack. Attackers gained unauthorized access to Anthem's IT system and have obtained personal information from current and former members such as names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data. The company stated that there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.
"Although early reports indicate that few Rhode Islanders may be affected by this latest data breach, since the hack exposed extremely sensitive information, I am gravely concerned," said Attorney General Kilmartin. "I have contacted Anthem to determine how many customers in our state were affected and what the company plans to do to better protect its customer data."
Anthem has stated that the company will individually notify current and former members whose information has been accessed.
Anthem will also provide credit monitoring and identity protection services free of charge, and has created a dedicated website (www.AnthemFacts.com) where members can access information such as frequent questions and answers. Additionally, there is a toll-free number that both current and former members can call if they have questions related to this incident: 1-877-263-7995. The website will be updated as more information is available.
Attorney General Kilmartin offered the following helpful information to consumers who are customers of Anthem Inc.:
• Be suspicious of any phone calls or emails claiming to be from Anthem Inc. asking to confirm account information, social security number or other personal identifiable information. Calls or emails claiming to provide information about the breach may be scams.
• Monitor banking and credit card accounts daily for suspicious activity, especially small withdrawals. Often, hackers will withdraw a few small amounts to "test" the account to see if it is viable to fully compromise. Immediately report any suspicious account activity.
• Consider changing email passwords as well as online account passwords. While there's no indication this information has been compromised in the breach, it's a good idea to change passwords periodically anyway.
• Update antivirus software.
• Consider adding a fraud alert to your credit report file to help protect your credit information. A fraud alert is free of charge and can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you, but it also may delay your ability to obtain credit. You may place a fraud alert in your file by calling just one of the three nationwide credit reporting agencies listed below.
• Under federal law, you are entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting agencies. You may obtain a free copy of your credit report by going to www.annualcreditreport.com or by calling (877) 322-8228.
Attorney General Kilmartin also warns consumers to be on the lookout for signs of identity theft, which could include:
• Unexpected mail, such as a bill for a credit card you never signed up for or a member agreement from a bank with which you do not have an account.
• Credit charges you did not make.
• Unexpected collection calls.
• Errors on your credit report or a lower than expected score.
• Another person's name showing up on your background check.
Consumers may contact the nationwide credit reporting agencies at:
About the Office of the Attorney General Consumer Protection Unit The Office of the Attorney General Consumer Protection Unit investigates and mediates consumer complaints concerning unfair and unlawful business practices and misleading advertising arising out of alleged violations of the Deceptive Trade Practices Act. If groups of people are victimized by a deceptive trade practice, this office may file in the Superior Court a civil investigative demand, which is a formal investigation. In appropriate cases, a lawsuit to stop the illegal business practice may be initiated.
Apart from carrying out its statutory responsibilities, the Unit also provides information and referral services to the general public. Consumers are directed to the appropriate governmental or private agencies for help in answering specialized questions or resolving disputes that are not within the Unit's jurisdiction.
The Consumer Protection Unit is available to speak to community groups on how to prevent being a victim of identity theft and other scams. For more information, please visit www.riag.ri.gov or call 401-274-4400.