February 10, 2015
It’s Serious, But Don’t Panic: 8 Tips For Anthem’s Security Breach
After our Feb. 10 show on strategies to protect Americans against cyber attacks, Andre Delattre, the executive director of the U.S. Public Interest Research Group, offered some tips to help consumers navigate Anthem’s security breach.
Not an Anthem customer? You can still help by sharing sharing tips with family and friends.
Here’s what you need to know:
- Don’t open or click on any emails claiming to be from Anthem. Some may be malicious. These are probably not even from the actual hacker, but are garden-variety phishing scams that follow any breach. These are designed either to install malware on your computer or get you to give up financial details that will allow them to access your accounts or open new ones in your name. (People who don’t have Anthem coverage will receive these also. Any spammer with an email list can send these out.)
- Anthem will contact you by mail if your personal information has been breached. Even if you think an email is from Anthem, do not click on any email links. Separately log on to their website by typing the letters of the URL yourself. Malicious emails may appear to re-direct to the Anthem website, but actually do not.
- Monitor your credit reports and bank accounts. All consumers have the right to a free credit report annually from each of the three big credit bureaus. Visit the U.S. Federal Trade Commission (FTC) website for instructions.
- Consider a fraud alert now. Consumers who suspect they are victims of identity theft can add a 90-day, renewable initial fraud alert to their credit reports (which also entitles you to an additional free credit report). If you know you are an identity theft victim and file a police report or FTC affidavit demonstrating this, you can request a permanent fraud alert.
- Consider the “peace of mind” of a security freeze on your credit reports. Ten years ago, U.S. PIRG, along with Consumers Union, drafted a model state security freeze law, and with the help of AARP and others, it rapidly became law in 47 states until the credit bureaus finally capitulated and agreed to provide freezes in all jurisdictions. A security freeze prevents new credit from being issued in your name but allows your existing creditors to look at your report. It’s the only way to prevent financial identity theft, since new creditors who cannot see credit scores or reports will not open new accounts. A freeze requires more work by you; if you want to apply for a new credit card or a home refinance, you’ll need to temporarily lift the freeze (you can do this on a targeted creditor basis). A typical freeze costs $10 ($30 for 3) and $5-10 each time it is temporarily lifted. A few states offer free security freezes for identity theft victims or senior citizens.
- Don’t pay for expensive credit monitoring. Take it for free from Anthem. A freeze is much less expensive, and 100 percent more effective, than over-priced “credit monitoring” services sold by the credit bureaus and other firms. We will be monitoring Anthem’s expected offer of free credit monitoring, and will strongly oppose it if it is set to automatically convert to paid credit monitoring at the end of the free offer. Nevertheless, due to the serious nature of this breach, it’s okay to take it for free.
- Update critical passwords. It’s always a good idea to use different, robust passwords for all your important accounts. And it’s a good idea to update them regularly.
- Consider filing for tax refunds ASAP. Several state attorneys general and 0ther officials recommend filing for tax refunds as soon as possible.
Of course, watch your bank accounts, watch your email and be suspicious of any phone calls. Never give out information to an incoming caller. Hang up and call the number on your Anthem card or your credit card. Stay vigilant.
For more tips, listen again to some tips from our panel.