Faculty, staff warned about Anthem scam emails
February 5, 2015
Update, Friday, 2:35 p.m.:
Gordon Johnson, chief information technology officer, sent out an email Friday afternoon updating WKU faculty and staff about the Anthem data breach.
Some Anthem members are being sent scam emails that appear to be sent from Anthem or someone representing the company, according to the email.
“These scam emails look legitimate and may even include the Anthem logo,” the email said. “They instruct the recipient to click a link to enroll in free credit monitoring service or identity theft services. Therefore, please be advised – DO NOT click on any links in emails sent to you unsolicited regarding this incident. Anthem will be sending instructions regarding credit monitoring services to affected members by written notice (mail).”
Anthem is still conducting an investigation to determine the specific Anthem members impacted by the breach, the email said. Once the members are determined, Anthem will notify the individuals through physical mail. The notice will include information on how to reduce the risk any further vulnerable information being compromised.
Johnson also wrote that WKU will set up a website to keep faculty and staff updated on the on-going Anthem investigation.
The original story is below:
Anthem, the nation’s second-largest health insurer, has been hacked and thousands of current and former WKU employees could be at risk.
The breach was first announced late Wednesday and it could affect as many as 80 million current and former customers, USA Today reported.
Gordon Johnson, chief information technology officer, sent out an email Thursday morning notifying WKU staff and employees about the hack.
“Anthem has informed us that its member/participant data was accessed, and could include that of WKU employees,” the email said.
Anthem has functioned as the third-party-administrator of WKU’s self-insured Employee Health Plan since January 1, 2003, according to the email.
Margaret Crowder, president of the faculty senate, said via email it could be too early to make an estimate as to the depth of the breach, particularly because Anthem itself is still investigating the problem.
“Obviously, hearing that one’s personal information may have been compromised is not something anyone enjoys,” she said. “Let us hope that Anthem is able to provide more detailed information to us in the near future regarding what specific data was compromised and that they then follow up to offer identity monitoring and protection services to anyone who was affected.”
The information accessed includes member names, member health ID numbers/Social Security numbers, dates of birth, addresses, telephone numbers, email addresses and employment information, including income data.
Social Security numbers were included in only a subset of consumers that were impacted, and Anthem is still working to determine which members’ Social Security numbers were accessed, the email said.
The Anthem data breach affected Anthem maintained systems and data. No WKU maintained systems were involved in the incident directly, the email said.
Anthem has created a website – www.anthemfacts.com, and a hotline, 1-877-263-7995, for its members to call for more information on the cyber-attack.
The original email is below: