Today's big story is the data breach that Anthem, Inc., the second-largest health insurance carrier in the United States, disclosed last night. Nearly 80M individuals' records were compromised, and industry observers are saying the incident has the potential to be the largest insurance breach in history.
The attack is thought to have begun on December 8, 2014, with Anthem discovering and reporting "suspicious activity" on January 28, 2015. Anthem's CEO, Joseph R. Swedish, says there was "unauthorized access" to members' personal information including "names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data." He adds, "Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised."
Anthem has hired FireEye's Mandiant unit to investigate. The FBI is conducting a criminal investigation, and the Bureau praises how Anthem has handled the incident, calling it a model others might follow. (Wired pointedly asks whether the compromised data were encrypted, suggesting there might be a painful teaching example here as well.)
PawnStorm continues to attack iOS.
Sony says it expects to spend a total of $35M fixing its networks (about $15M of that will go to investigation and remediation).
The Anthem incident will reinforce the push, already underway, for the maturation of the cyber insurance market. It's also prompting renewed efforts in the US House to facilitate cyber threat information sharing.
Ross Ulbricht is found guilty in the Silk Road trial.