Dear Fellow State Employee,
This message is to notify all state employees that Anthem, Inc. – one of two health insurance providers for the State of Connecticut’s employees and retirees – was the target of an extensive cyber-attack that resulted in a data breach that has potentially exposed all of its customer data such as names, addresses, social security numbers, birth dates, and other information.
A full investigation by Anthem and federal law enforcement is underway to determine the extent of the breach.
State officials, including myself, have met with Anthem officials to discuss remedies for current and former employees, retirees and their dependents – as well as any other Connecticut consumers whose information may have been compromised.
We have called for – and Anthem has guaranteed – at least two years of credit monitoring, identity theft insurance and other protections for those Connecticut state employees, retirees and dependents who may be affected. These voluntary protections will be retroactive to the time of the breach. Once Anthem confirms the enrollment steps they’re offering, we will circulate that information as soon as possible.
Anthem will notify individuals once they identify whose information was compromised. That identification process is ongoing.
We are working closely with Anthem to better understand the details of this attack and the effect on our members. In the meantime, here is what we know:
- Once Anthem determined it was the victim of a sophisticated cyber-attack, it immediately notified federal law enforcement officials and shared the indicators of compromise with the HITRUST C3 (Cyber Threat Intelligence and Incident Coordination Center).
- Anthem’s Information Security has worked to eliminate any further vulnerability and continues to secure all of its data.
- Anthem immediately began a forensic IT investigation to determine the number of impacted consumers and to identify the type of information accessed. The investigation is still taking place.
- The information accessed includes member names, member health ID numbers/Social Security numbers, dates of birth, addresses, telephone numbers, and email addresses.
- Anthem is still working to determine which members’ personal information was accessed.
- Anthem’s investigation to date shows that no credit card or confidential health information was accessed.
- Anthem has advised us there is no indication at this time that any of our members’ personal information has been misused.
- All impacted Anthem members will be offered identity theft monitoring and credit monitoring services for two years. Anthem will soon provide affected members with information on how to enroll in this protection.
For additional information, members should be directed to the following resources:
- www.anthemfacts.com which includes a link to Frequently Asked Questions
- State of CT dedicated Customer Service Line at 1-800-922-2232
- Attorney General George Jepsen and state Department of Consumer Protection Commissioner Jonathan A. Harris are advising all Connecticut residents who may be affected by the breach to report any suspicious activity on their credit report or other financial accounts to law enforcement immediately. Suspicious activity can also be reported to the Office of the Attorney General’s Privacy Task Force by emailing attorney.general@ct.gov or calling 860-808-5318.
- State Department of Consumer Protection: http://www.ct.gov/dcp/cwp/view.asp?a=4302&q=560456
- Federal Trade Commission: http://www.consumer.ftc.gov/articles/0275-place-fraud-alert
Sincerely,
Kevin Lembo
State Comptroller
For more information, contact: Susan Matthews at susan.matthews@uconn.edu