US health insurer Anthem has revealed hackers infiltrated its computer network and gained access to the personal information of customers and employees – including CEO Joseph Swedish.
The nation’s second-largest health insurer said it is contacting customers affected by the “very sophisticated” cyber attack and is working to figure out how many people were affected.
The company said information the hackers gained access to included names, birthdates, email addresses, employment details, Social Security numbers, incomes and street addresses of people who are currently covered or have had coverage in the past.
The Indianapolis-based insurer said credit card information was not compromised, and it has yet to find evidence that medical information such as insurance claims and test results was targeted or obtained.
Anthem, which recently changed its name from WellPoint, runs Blue Cross Blue Shield plans in more than a dozen US states, including California, New York and Ohio. It covers more than 37 million people.
The insurer said all of its product lines were affected. It sells mainly private individual and group health insurance, plans on the health care overhaul’s public insurance exchanges and Medicare and Medicaid coverage.
It also offers life insurance and dental and vision coverage.
Affected brands include Anthem Blue Cross, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield and Amerigroup.
Anthem said the FBI is investigating and the company has hired internet security company Mandiant to improve its network defences. The insurer will provide free credit monitoring and identity protection services.
The FBI urged Anthem customers contacted by the insurer to report suspected instances of identity theft.
In 2013, the insurer agreed to pay $1.7m (£1.1m) over allegations it left the information of more than 612,000 members available online because of inadequate safeguards.