150205_FF_AnthemHacked
The corporate headquarters of health insurer Anthem, in Indianapolis. Darron Cummings—AP

Anthem Health Insurance Was Hacked. Here's What Customers Need to Know

Feb 05, 2015

Anthem customers might be feeling a bit ill this morning. The nation's second-largest health insurance company just announced that hackers have stolen members' Social Security numbers, names, birthdays, medical IDs, and more sensitive personal information in a massive data breach. The breach affects an estimated 80 million customers and employees. At this point, Anthem does not believe the hackers accessed credit card or medical information.

"Safeguarding your personal, financial and medical information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data," Anthem President and CEO Joseph R. Swedish said in a statement. "However, despite our efforts, Anthem was the target of a very sophisticated external cyber attack." Anthem does not yet know who was responsible.

Anthem says members of multiple health plans were affected, including Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.

The company has promised to individually notify every person who was affected and provide free credit monitoring. You can visit www.AnthemFacts.com or call 877-263-7995 to learn more from Anthem.

Unfortunately, this hack is much worse than the average data breach. If your debit card number is compromised—think of Target’s data breach—the worst thing that happens is, after some headache, you get your money refunded and a new card. But if your Social Security number is compromised, identity thieves can wreak havoc on your life.

With a Social Security number, fraudsters can apply for credit cards, mortgages, and other lines of credit in your name, racking up debt on your tab. That can ruin your credit, making it difficult for you to get a new credit card, mortgage, or even a job. Identity thieves can also file fraudulent tax returns in your name, robbing you of your refund and causing chaos at the IRS.

Scared yet? If your Social Security number could have been compromised, here’s what you should know about your options.

You probably can’t get a replacement Social Security number

You might wish you could just get a new Social Security number. Don’t bother, says Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse.

First, it wouldn’t be effective: Government agencies, credit bureaus and businesses will still associate you with your old, compromised number. Meanwhile, you’ll need to rebuild your credit history from scratch, which will make it harder to get your finances in order. Plus, the Social Security Administration rarely issues replacement numbers after data breaches, Stephens says. If it did, half the country might be eligible.

“I’m not aware of any situation where someone has gotten a new Social Security number because of identity theft,” Stephens says. “That is very difficult to do, and consumer advocates advise against doing so. It further complicates things for you, and the act of getting a new Social Security number is not really going to impact the ability of a criminal to use your old Social Security number.”

If you want to try anyway, gather documentation to prove your citizenship (with a birth certificate or passport), your age (with a birth certificate, religious record, hospital record or passport) and your identity (with a drivers’ license, state-issued ID, or passport).

The SSA says you need to “provide evidence you are having ongoing problems because of the misuse” to be considered for a new number. So if your Social Security number has been exposed but you’re not yet a victim of fraud, don’t waste your time.

“You cannot get a new SSN to avoid the consequences of filing for bankruptcy, to avoid the law or your legal responsibility, or if there is no evidence that someone is using your number,” SSA spokesman William “BJ” Jarrett said in an email. Jarrett advises that if you believe someone is fraudulently using your Social Security number, you should first file a police report and contact the Federal Trade Commission (877-438-4338). “If you have done all you can to fix the problems resulting from misuse of an SSN and someone is still using it, Social Security may be able to assign a new number.”

The Federal Trade Commission also warns that there are companies that offer to help you apply — for a fee, naturally. But you don’t need their help and you shouldn’t have to pay any money; the application for a replacement Social Security number is free.

You can put a security freeze on your credit report

This is the most foolproof thing you can do, but there are downsides. A freeze means no one can pull your credit report—so no one can apply for new lines of credit in your name, not even you.

Actual identity theft victims can get a freeze for free, but others have to pay. Prices vary by state. It can cost up to $30 to institute a freeze and $12 to lift. You have to “lift” the freeze every time you apply for credit, so that the creditor can check your report.

In other words, there could be a $12 surcharge every time you apply for a credit card, mortgage, or even a job or apartment. For that reason, credit freezes aren’t always a practical solution, especially not for young people who move around a lot.

Contact Experian, Trans­Union, or Equifax to institute a freeze.

You can put a fraud alert on your credit report

This one is easy—and you can do it even if your information hasn’t already been exposed. A fraud alert tells creditors to double-check whenever someone applies for credit in your name. For example, when a credit card issuer receives an application for a new card, a fraud alert tells the company to contact you and make sure you’re really the one who submitted the application.

Again, contact Experian, Trans­Union, or Equifax to place a 90-day alert. It’s free. If you’re a confirmed identity theft victim, the alert lasts seven years.

You can monitor your credit reports

However, you shouldn’t stop there. Under the law, you’re entitled to a free credit report from each of the three credit bureaus every year. Check it.

“If you opt for just the fraud alert, you need to be aware that fraud alerts are not infallible,” Stephens says. “We would recommend that you continually regularly examine your credit reports. Get them every few months and make sure that there’s nothing on there that’s fraudulent.”

You can also sign up for credit monitoring—just don’t pay for it. After a data breach, it’s become the norm for companies to offer free credit monitoring to victims, Stephens says. He also recommends free monitoring from Credit Karma and Credit Sesame.

This article was adapted from an earlier story, What to Do If Your Social Security Number Was Leaked like Sylvester Stallone’s.

Related:

MONEY may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions