Sheryl Harris of The Plain Dealer recently took Anthem to task over a recently disclosed breach and suggests that it may be linked to at least two cases of fraud reported by Ohioans:
[…]
How do two men who have never taken out payday loans wind up on a list of cash-advance frequent fliers?
The answer may lie in the data breach at Anthem.
[…]
In early August, Anthem sent letters to Wollet and Groff telling them that several people had manipulated the company’s Web site to gain access to customers’ personal information. That information, the letter said, “may have included your name, Social Security number and credit card information.”
It’s possible that the security breach and the fraudulent loan activity are unrelated — as Paul Stephens of the Privacy Rights Clearinghouse notes, “They may never know.” But the coincidence is striking.
I contacted Anthem and invited them to respond to The Plain Dealer story. In an e-mail statement to DataBreaches.net, spokesperson Cynthia Sanders writes:
We believe the article in the Cleveland Plains Dealer was inaccurate to assume a connection between the two issues. We are disappointed that the newspaper chose to make assumptions in a published article instead of reporting the facts.
We are able to determine which applications may have been viewed, and no applicants from Ohio had their application viewed. This makes is (sic) very unlikely that their information could have been used inappropriately.
As someone who is often critical of entities who have experienced breaches, given how difficult it is to link any one case of fraud or ID theft to a specific breach — as Paul Stephens of PRC informed the reporter — and given that the reporter could have found out that no Ohioans had their data viewed, I was a bit surprised by some of the statements in The Plain Dealer piece. See what you think.