The California Office of the Attorney General disclosed a data breach at **Anthem Blue Cross**, where unauthorized access to its member portal occurred between **October 1, 2021, and October 14, 2021**. The incident exposed sensitive personal information of affected individuals, including **names, dates of birth, addresses, email addresses, phone numbers, and healthcare identification numbers**. While the breach did not involve financial data or medical records, the exposure of personally identifiable information (PII) poses risks such as identity theft, phishing attacks, and fraudulent activities targeting the victims. The breach was officially reported on **November 24, 2021**, highlighting a delay in detection and disclosure. As a healthcare provider, Anthem Blue Cross handles vast amounts of sensitive customer data, making this incident particularly concerning due to the potential for long-term reputational damage and regulatory scrutiny under laws like **HIPAA (Health Insurance Portability and Accountability Act)**. The lack of evidence suggesting ransomware or a broader systemic attack narrows the scope to unauthorized data access, but the scale of exposed records underscores the severity of the incident.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-547906
TPRM report: https://www.rankiteo.com/company/anthembcbs
"id": "ant032090625",
"linkid": "anthembcbs",
"type": "Breach",
"date": "10/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'California, USA',
'name': 'Anthem Blue Cross',
'type': 'Health Insurance Provider'}],
'data_breach': {'data_exfiltration': 'Potential (unauthorized access '
'reported)',
'personally_identifiable_information': ['names',
'dates of birth',
'addresses',
'email addresses',
'phone numbers',
'healthcare '
'identification '
'numbers'],
'sensitivity_of_data': 'High (includes healthcare IDs and '
'PII)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2021-11-24',
'description': 'The California Office of the Attorney General reported that '
'Anthem Blue Cross experienced a data breach where member '
'portal information may have been accessed without '
'authorization between October 1, 2021, and October 14, 2021. '
'The breach potentially involved names, dates of birth, '
'addresses, email addresses, phone numbers, and healthcare '
'identification numbers of affected individuals.',
'impact': {'data_compromised': ['names',
'dates of birth',
'addresses',
'email addresses',
'phone numbers',
'healthcare identification numbers'],
'identity_theft_risk': 'Potential (due to PII exposure)',
'systems_affected': ['member portal']},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA '
'violations (if PHI was '
'exposed)'],
'regulatory_notifications': ['Reported to '
'California Office of '
'the Attorney '
'General']},
'title': 'Anthem Blue Cross Data Breach (October 2021)',
'type': 'Data Breach'}