Dear Fellow Employee:

Anthem has provided the following information related to its cyber-attack and security breach – including details on how to enroll in identity theft protection services that it has guaranteed to its members, including current and former state employees and retirees that may be affected.

The services that Anthem is providing to members are strictly voluntary and available for two years. Enrollment instructions are outlined in this message below.

Additional information for members can be obtained at Anthem’s online resource page at www.anthemfacts.com. For further questions or information, plan participants may call Anthem’s dedicated toll-free hotline at 877-263-7995, as well as the dedicated Anthem Connecticut member line at 1-800-922-2232.

On January 29, 2015, Anthem, Inc. (Anthem) discovered that cyber attackers executed a sophisticated attack to gain unauthorized access to Anthem’s IT system and obtained personal information relating to members who were or are currently covered by Anthem or other independent Blue Cross and Blue Shield plans that work with Anthem. Anthem believes that this suspicious activity may have occurred over the course of several weeks beginning in early December 2014.  

As soon as Anthem discovered the attack, they report that they immediately began working to close the security vulnerability and contacted the FBI   and have been fully cooperating with the FBI’s investigation. Anthem has also retained Mandiant, one of the world’s leading cyber-security firms, to assist us in their investigation and to strengthen the security of their systems. 

Members Affected
Current or former members of one of Anthem’s affiliated health plans may be affected.  In addition, some members of other independent Blue Cross and Blue Shield plans who received health-care services in any of the areas that Anthem serves over the last 10 years may be compromised.  Anthem is providing identity protection services to all individuals that are affected.   For a listing of potentially compromised Anthem-affiliated health plans and other Blue Cross and Blue Shield companies for which Anthem is providing this service, visit anthemfacts.com to view a list.  Anthem is a service provider to other group health plans and Blue Cross and Blue Shield plans across the country.   

Information Accessed
The information accessed may have included names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, employment information, including income data.  Anthem reports that they have no reason to believe credit card or banking information was compromised, nor is there evidence at this time that medical information such as claims, test results, or diagnostic codes, was targeted or obtained. 

Identity Protection Services
Anthem has arranged to have AllClear ID protect members’ identity for two (2) years at no cost to members: 

• AllClear SECURE: This service is automatically available to members with no enrollment required.  If a problem arises, members can simply call 1-877-263-7995 and a dedicated investigator will do the work to recover financial losses, restore credit and make sure members’ identity is returned to its proper condition.  AllClear ID maintains an A+ rating at the Better Business Bureau.
• AllClear PRO: This service offers additional layers of protection, including credit monitoring and a $1 million identity theft insurance policy. For a child under 18 years old, AllClear ID ChildScan identifies acts of fraud against children by searching thousands of databases for use of a child’s information. To use the PRO service, members will need to provide personal information to AllClear ID. To learn more about these services, or to enroll, visit http://www.anthemfacts.com/ and click on the AllClear ID link from there.  Please note: Additional steps may be required by the member in order to activate your phone alerts. 

Mailed Notification
Anthem will also individually notify potentially affected current and former members by U.S. Postal mail with this same specific information on how to enroll in free credit monitoring and identity protection services.  These services will be provided to current and former members free of charge.  Anthem has also established a dedicated website (www.anthemfacts.com) where members can access additional information, including frequently asked questions and answers.   

Toll-Free Hotline
Anthem has established a dedicated toll-free number that members can call if they have questions related to this incident. That number is 877-263-7995.  We have included contact information for the three nationwide credit bureaus below.

Fraud Prevention Tips
We want to make members aware of steps they may take to guard against identity theft or fraud.    

We recommend that potentially affected members remain vigilant for incidents of fraud and identity theft, including by reviewing account statements and monitoring free credit reports.  In addition, members can report suspected incidents of identity theft to local law enforcement, Federal Trade Commission, or your state attorney general.  To learn more, go to the FTC’s Web site, at www.consumer.gov/idtheft, or call the FTC, at (877) IDTHEFT (438-4338) or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.  
Members should be aware of scam email campaigns targeting current and former Anthem members.  These scams, designed to capture personal information (known as “phishing”), are designed to appear as if they are from Anthem and the emails include a “click here” link for credit monitoring. These emails are NOT from Anthem. 

• DO NOT reply to the email or reach out to the senders in any way.
• DO NOT supply any information on the website that may open, if you have clicked on a link in email.
• DO NOT open any attachments that arrive with email.

Anthem is not calling members regarding the cyber-attack and is not asking for credit card information or Social Security numbers over the phone.   For more guidance on recognizing scam email, please visit the FTC Website: http://www.consumer.ftc.gov/articles/0003-phishing. 
Members who have provided e-mails to Anthem and have opted in to receiving communications may receive an e-mail directing them to visit AnthemFacts.com to sign up for credit protection services. This e-mail is scheduled to be distributed the week of Feb. 16. A copy of the email will be posted on AnthemFacts.com
This email is being sent due to state notification requirements. It will not ask for personal information and will not contain a link to any websites other than AnthemFacts.com.
If members receive any emails regarding the Anthem Cyber Attack asking for personal information, or asking recipientsto click on an unfamiliar link:

• DO NOT click on any links in email.
• DO NOT reply to the email or reach out to the senders in any way.
• DO NOT supply any information on the website that may open, if you have clicked on a link in an email.
• DO NOT open any attachments that arrive with email.

Additional information is available from the FTC and the nationwide credit bureaus about fraud alerts and security freezes.  Individuals can add a fraud alert to their credit report file to help protect credit information.  A fraud alert can make it more difficult for someone to get credit in someone else’s name because it tells creditors to follow certain procedures to protect individuals, but it also may delay members’ ability to obtain credit.  A fraud alert can be placed by calling just one of the three nationwide credit bureaus listed above.  As soon as that bureau processes a fraud alert, it will notify the other two bureaus, which then must also place fraud alerts in an individual’s file.  In addition, members can visit the credit bureau links below to determine if and how a security freeze can be placed to prohibit a credit bureau from releasing information from members’ credit reports without written authorization:

• Equifax security freeze:
   https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
• Experian security freeze:
• http://www.experian.com/consumer/security_freeze.html
• TransUnion security freeze:  http://www.transunion.com/personal-credit/credit-disputes/credit-freezes.page

 For additional information, members are directed to the following resources:

• Attorney General George Jepsen and state Department of Consumer Protection Commissioner Jonathan A. Harris are advising all Connecticut residents who may be affected by the breach to report any suspicious activity on their credit report or other financial accounts to law enforcement immediately. Suspicious activity can also be reported to the Office of the Attorney General’s Privacy Task Force by emailing attorney.general@ct.gov or calling 860-808-5318.
• State Department of Consumer Protection. http://www.portal.ct.gov/dcp/cwp/view.asp?a=4302&q=560456.
• State Department of Revenue Services: http://www.portal.ct.gov/drs/site/default.asp.
• Internal Revenue Service, http://www.irs.gov/Individuals/Identity-Protection