Anthem, the No. 2 health insurer in the US, revealed Wednesday that hackers had broken into its servers and stolen the personal information of as many as 80 million current and former members and employees.
In a note to customers Wednesday, Anthem CEO Joseph Swedish said the company was the target of a "very sophisticated external cyber attack" that compromised names, dates of birth, member ID, Social Security numbers, addresses, phone numbers, email addresses and employment information. He said there was no evidence, however, that any credit card or medical records had been exposed.
Anthem, which was formerly known as WellPoint and tallies 37 million current members, said it immediately moved to close the security vulnerability and was working with the FBI to determine the extent of the breach. A spokesperson told the Wall Street Journal that it believed "tens of millions" of records were exposed, likely making it the largest data breach involving a US health insurer.
Swedish, who said that his own personal data was exposed during the intrusion, said the company will individually contact everyone whose information was accessed in the hack. The company also said it will provide free credit monitoring and identity protection services for those affected.
An Anthem representative declined to comment beyond the statement posted to its website.
Anthem's security breach could rank among the largest emerging during a recent uptick in hacks. In September, Home Depot revealed thatas a result of a security breach at the home improvement store. In 2013, of 40 million Target customers and the personal information for an additional 70 million customers. Arts and crafts retail chain , department store and restaurant chain have also revealed security breaches aimed at stealing customers' credit card information.
Law enforcement began warning healthcare industry companies last year that they may face an increased risk of data breach attacks. Following a Reuters.in August, the FBI issued a flash warning to companies that it had observed "malicious actors targeting healthcare related systems," perhaps for the purpose of obtaining healthcare information or personal identification information, according to