Skip to main content

NEW YORK (TheStreet) --  The data taken by hackers from Anthem (ANTM) - Get Anthem, Inc. Report, the nation's second-largest insurer, could be used to exploit customers for years, say security experts. And the theft was easily preventable.  

"Hackers stole personal information such as birthdays, Social Security numbers and street addresses," said Cameron Camp, a researcher at computer security company Eset. "This is in some ways more serious than simply getting credit card information as it can potentially be used in a wider variety of frauds and scams, including identity theft." 

Criminals could use this information to get health care procedures they may not have qualified for, gain access to customers' other accounts, and sell it in bulk on the black market to people who want to print fake IDs, according to Camp.  

And matters could get even worse. Sergio Galindo, general manager at security company GFI Software, said that some of the data stolen involve information on children and things like Social Security numbers don't change. He said a smart hacker would sit on that information for five or 10 years, then put it to use. "That makes a lot of sense," said Galindo.

Anthem has been quick to offer some details -- and has won praise from the FBI for its forthrightness -- but it has also withheld key details involving the how-to of the breach. The breach of information for as many as 80 million Anthem customers and employees was discovered last week, and the Wall Street Journalreported that Anthem believes a stolen employee password was used to access the company's database.

Trent Telford, CEO of data security company Covata and himself an Anthem customer, said the insurer was negligent because the data taken by thieves were not encrypted.

That is a key point raised by multiple sources. Had the data been encrypted, the value to hackers would be severely diminished. But because the information was stored "in the clear" -- that is, in an easily read format -- cyber criminals are salivating in anticipation of accessing it.

TheStreet Recommends

Sunrise, Fla.-based security company Easy Solutions said Thursday it has already seen activity on hacker forums that indicate preparations are being taken to handle an influx of millions of consumer files with Social Security numbers.

Step two, said Melancon, is to look into free credit monitoring and identity theft protection services. "There's no way to easily change the personal data stolen in this breach; it's not like a credit card fraud," Melancon said. "This means you'll need to carefully monitor any changes to your finances."

Anthem serves customers in Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, parts of Missouri, Nevada, New Hampshire, Ohio, parts of Virginia and Wisconsin, according to the company's Web site.

As for the company itself, Jibey Asthappan, assistant professor and head of the national security program in the Henry C. Lee College of Criminal Justice and Forensic Sciences at the University of New Haven, believes that the incident -- as presently understood -- is unlikely to have grave consequences for the insurer in the short term.

Asthappan explained that health insurance is, as he put it, "inelastic," meaning it is not easy to change. In many cases, it is provided by an employer and the employee has little or no choice.

Asthappan added that longer term, "the company's public relations campaign will be critical in [determining] the long-term impact of this breach." Many experts said that, thus far, Anthem is making the right moves, and that augurs well for its future.

Bottom line: All is not yet known about the Anthem breach. But do not expect this to go away soon.

This article is commentary by an independent contributor. At the time of publication, the author held no positions in the stocks mentioned.