US healthcare insurance firm Anthem has admitted to being hit by a "very sophisticated" cyber attack that accessed databases containing information on some 80 million customers.
Anthem chief executive Joseph Swedish posted a statement explaining that data protection and security is a top priority at the company, but that the attackers managed to infiltrate its systems and access customer and company data.
“These attackers gained unauthorised access to Anthem’s IT system and have obtained personal information from our current and former members,” he said.
“Anthem’s own associates’ personal information, including my own, was accessed during this security breach.”
Swedish added that the compromised data included names, birth dates, medical IDs/Social Security numbers, street addresses, email addresses and employment information, including income data.
However, he said that there is no evidence of credit card or medical information, such as claims, test results or diagnostic codes, being “targeted or compromised”.
Anthem said that it has notified the FBI and retained the services of FireEye-owned cyber security firm Mandiant to evaluate the full extent of the breach.
No group or individual has so far been identified as the attacker, the company added.
Anthem will also notify current and former customers whose information has been accessed and provide credit monitoring and identity protection services free of charge.
The data breach is the latest incident to affect a major US corporation as the threats to firms retaining large amounts of sensitive data continue to grow.
Last year Sony was hit by a hack that saw highly sensitive corporate data leaked, while Target and Home Depot were severely affected by database hacks.
Jaime Blasco, vice president and chief scientist at security firm AlienVault, said that, while Anthem has reassured customers that no healthcare or financial information was compromised, the incident is still unnerving.
"For individuals it is a nightmare. If the attackers had access to names, birthdays, addresses and Social Security numbers, it means that information can be easily used to carry out identity theft schemes.”
The loss of the data at the healthcare insurance provider comes in the same week that the UK's data protection watchdog, the Information Commissioner's Office, gained the power to carry out compulsory data protection audits on NHS organisations.
It is hoped that this will improve data security at public sector healthcare providers, in response to numerous data loss incidents that have led to fines totalling £1.3m.
Claims to have "the most competitive logic density" in the industry
Dell's high-end mobile workstations upgraded with Intel Coffee Lake CPUs
Webstresser admins were also arrested in the UK, Croatia, Canada and Serbia
Security firm claims that 117,638 sites out of 135,035 analysed contain serious security flaws