Newsroom

The nation's second-largest health insurer, Anthem Inc., confirmed a data breach Wednesday that exposed Social Security numbers and other personal data from its servers – a breach that could impact tens of millions of Americans, according to reports.

The report comes as lawmakers work through a second week of hearings on Capitol Hill on cybersecurity and how to shape legislation on data security and breach notification.

KrebsonSecurity.com reported that Anthem didn't specify how many consumer records were breached, but the company did say all of its business units were affected.

A statement by Anthem says attackers gained information such as current and former members' names, birthdays, medical identification numbers/Social Security numbers, street addresses, email addresses and employment information (including income data). The company said there is no evidence yet suggesting that credit card or medical information, such as claims, test results or diagnostic codes, was compromised. It says it will notify current and former members affected.

NAFCU continues to press Congress for a national data security standard for retailers coupled with legislation addressing cybersecurity.

The association is a member of the Payments Security Task Force, a diverse group of participants in the payments industry that is driving a discussion on payments system security. NAFCU is also a member of the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, which work on infrastructure cybersecurity.