Anthem Blue Cross website hack of 200,000+ customers

Identity thieves promise everyone free buckets of Oxycotin and Vicodin Jello shots.

According to a story in my local-ish paper, the Orange County Register, personal information belonging to roughly 230,000 Anthem Blue Cross customers who use the company’s online services may have been compromised. Robert Charette at IEEE Spectrum comments on the story and makes a very good point:

“What I find interesting is that there is no FBI investigation – at least not yet – of the lawyers’ activities in accessing the information like in the AT&T iPad website data breach, or any outcry that that the lawyers should have immediately notified Anthem about the website security flaw instead of exploiting it.

A double standard at work here?”

The actual problem seems to have occurred when a site user was able to mess with the Web addresses used to gain access to confidential information on the site. a security flaw that escaped the net during an October 2009. Lawyers involved in a class action lawsuit against Anthem Blue Cross were looking for information to help their case, but others may have also taken advantage of the information.

According to the AP:

“Anthem sent letters to customers who may have been affected and offered a free year of identity protection services.”

They refused to pay for emergency treatment as those same users banged their heads against the wall. Apparently, being a part of Anthem Blue Cross’ data hacking experience is a pre-existing condition.