Hackers were able to access customer and employee records of Anthem, the second largest health insurer in the US. According to Anthem, the hackers were able to access names, birthdays, addresses, and SSNs, however based on the current information they did not access medical or financial information.
The breach was only discovered a little over a week ago when the systems administrator noticed queries being run on the database using his own credentials.
Based on information shared by an Athem spokeswoman, the company only encrypts data that is being transferred to or from the database meaning that the data stolen was not encrypted. Anthem relies on “other measures, including elevated user credentials, to limit access to the data when it is residing in a database.” However the attack relied on stolen employee credentials, no one is sure whether or not encrypting the data would have prevented the attack.