

Anthem hackers had compromised the credentials of five different employees - ssclafani
http://www.richmond.com/business/ap/article_82e0ea54-5092-5368-8d76-cfcf654ae2c3.html

======
sandworm
They have evidence of an attack going back to Dec 10, a Wednesday.

"Anthemfacts.com" was registered on Dec 13th which was, assuming US rather
than GMT, the following friday.

The proximity and order of those dates cannot be coincidence. It would seem
someone at Anthem was confident enough to start prepping the PR campaign
almost TWO MONTHS before the public, or the Conn AG, was notified. And during
tax season!

~~~
SyneRyder
While it could be coincidence, I think you're onto something. If the attack
was first discovered on Dec 10, that means Anthem notified the public on Day
59 (February 6 is the timestamp at the bottom of AnthemFacts.com). That is the
last possible chance they have to legally notify the public.

The Wall Street Journal[1] notes that: _" Federal law requires health-care
companies to inform consumers and regulators when they suffer a data breach
involving personally identifiable information, but they have as many as 60
days after the discovery of an attack to report it."_ Day 59 is cutting it
awfully close.

[1] [http://www.wsj.com/articles/health-insurer-anthem-hit-by-
hac...](http://www.wsj.com/articles/health-insurer-anthem-hit-by-
hackers-1423103720)

~~~
yclept
Feb 6 would be the last legal work day

------
justinsb
So no two-factor authentication was needed to access personal information? And
where are the defenses against an insider accessing information they aren't
supposed to?

~~~
CodeWriter23
We're talking about "admins" who fell for a phishing scam here.

------
cies
> Anthem hackers had compromised the credentials of five different employees

Would be much more news-worthy if it were five _the same_ employees!

