Sometimes I feel like whenever I write a blog post it is about something negative. It seems like every time you turn on the news, another company has been hacked, and their customers' personal information has been compromised.
Health insurer Anthem revealed earlier this month that their servers had been breached, and that the personal information of as many as 80 million current and former customers and employees was stolen. Data stolen included names, birth dates, Social Security numbers, addresses, phone numbers, e-mail addresses, and employment information.
So far, Anthem has not reached out to the people whose information was exposed to inform them that their data may have been compromised, or to offer them free membership to a credit monitoring service, as has become the norm after these types of breaches.
Attorneys General across the US are not pleased with Anthem’s response, and have begun to put pressure on the company.
There’s a new wrinkle, though. Breached customers have begun receiving phishing e-mails, purportedly from Anthem, offering free credit monitoring services. These e-mails look like they are coming from Anthem, but they aren’t. Following the link in the e-mails takes people, who are already victims of the breach, to a website designed to extract additional information from them, and may install malware as an added bonus.
Any business that stores customers’ personal data has a responsibility to protect that data. Aside from potential liability, it is just the right thing to do.
Hackers are very skilled. They dedicate themselves to breaking into servers, and to them that may be more important than the money they make by selling the personal data they extract to unsavory organizations. It is very difficult to keep up with these guys.
If your business stores personal data, don’t try to go it alone. Managed and hosted services companies, cloud-based security companies, and Infrastructure as a Service providers are fully staffed with security experts, monitoring their data centers 24 hours a day to protect their customers’ data. These companies have security resources far beyond what the average business can afford on its own, but provide their services to businesses for an affordable monthly fee.
Security-conscious companies like Red Robin and government agencies like the IRS have moved to these types of companies, utilizing their data centers to ensure that they are taking every step to keep their data secure.
A customer of ours visited his data center recently, and remarked to me, “I kind of felt like the NSA was watching me the entire time.” Not what you want in your personal life, but when it comes to protecting your data? You bet.
Don’t be the next company on the news for being hacked.