Anthem Inc. stored the Social Security numbers of 80 million customers without encrypting them, the result of what a person familiar with the matter described as a difficult balancing act between protecting the information and making it useful.
Scrambling the data, which included addresses and phone numbers, could have made it less valuable to hackers or harder to access in bulk. It also would have made it harder for Anthem employees to track health care trends or share data with states and health providers, that person said.
The risks became clear last week, when Anthem discovered that hackers had broken into the database and made off with information on tens of millions of consumers, likely making it the largest computer breach disclosed by a health-care company.
Because the data wasn’t encrypted, it would be easily readable by hackers. The company believes a hacker group used a stolen employee password to access the database.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.