# Anthem Blue Cross hacked [update - watch for fraudulent tax return]



## presley (Feb 5, 2015)

Anthem Blue Cross did not encrypt their customers' data and they got hacked.  Millions of peoples personal identifiable information was leaked including Social security #s, birth dates, etc, etc.  Here is a link to the LA Times article, but I a sure you will find many other articles if you google anthem hacked.

http://www.latimes.com/business/la-fi-anthem-hacked-20150204-story.html


----------



## dioxide45 (Feb 5, 2015)

The problem is that many people can't switch to another company right now even if they wanted to. Most employer plans had open enrollment late in the fall and can't make a change unless they have a qualified life event. Perhaps this should qualify.

Of course leaving the company now won't help anything since the data has already been breached.


----------



## geekette (Feb 5, 2015)

dioxide45 said:


> The problem is that many people can't switch to another company right now even if they wanted to. Most employer plans had open enrollment late in the fall and can't make a change unless they have a qualified life event. Perhaps this should qualify.
> 
> Of course leaving the company now won't help anything since the data has already been breached.



Doesn't matter - if you have EVER been an Anthem customer, you may be affected.  Anthem has been my most common insurer, but not currently.  It's not like old customers get purged every Jan 1, I'm in the system.


----------



## Beaglemom3 (Feb 5, 2015)

It's on the national news right this moment.



0


----------



## Icc5 (Feb 5, 2015)

*Use Common Sense*

They didn't get credit card info. but did get SS#'s, phone, addresses.
If you get an email from Anthem I would not respond but go to their site to respond or call.  Just be careful if you get something from them asking for info. of any kind.


----------



## camachinist (Feb 5, 2015)

Haven't heard anything from them. Been a customer for about 15 years. New Obamacare customer so both Covered CA and Anthem got some personal information. That's life I guess. It's either them or Kaiser.


----------



## bogey21 (Feb 5, 2015)

A couple of years ago when it became apparent that my (our) personal information was becoming more and more at risk I put freezes on my accounts at the 3 Credit Bureaus.  

Twice I had to call and ask them to remove the freeze for 24 hour periods so entities I gave permission to check my credit could do so.  Both times access was granted within about 15 minutes.  After the 24 hours were up the Credit Bureaus notified me that my freeze had been reinstated.  One time there was a $10 charge. the other time it was free.

George


----------



## pedro47 (Feb 5, 2015)

bogey21 said:


> A couple of years ago when it became apparent that my (our) personal information was becoming more and more at risk I put freezes on my accounts at the 3 Credit Bureaus.
> 
> Twice I had to call and ask them to remove the freeze for 24 hour periods so entities I gave permission to check my credit could do so.  Both times access was granted within about 15 minutes.  After the 24 hours were up the Credit Bureaus notified me that my freeze had been reinstated.  One time there was a $10 charge. the other time it was free.
> 
> George



Thanks for sharing this.  ,


----------



## GetawaysRus (Feb 6, 2015)

I think the Anthem hack was inevitable.  If you think about it, if you were a hacker, wouldn't you want to try to hack those companies that have the most and the juiciest data?

So, if I were a hacker, what would be on my dream hacking list?  Clearly the Social Security Administration or some other very large government agency, or perhaps a State Income Tax Agency (a large state, such as NY or California, sounds good to me).  The real questions are:
1. Is the government smart enough to protect our data?  Frankly, I doubt it.
2. If a government agency were hacked, would they fess up and publicize it?  I am also doubtful.


----------



## Ann-Marie (Feb 6, 2015)

When is Medicare going to stop using Social Security numbers for your ID number?  If you are on Medicare, you walk around with your social security number all the time.


----------



## pedro47 (Feb 6, 2015)

Ann-Marie said:


> When is Medicare going to stop using Social Security numbers for your ID number?  If you are on Medicare, you walk around with your social security number all the time.



You are right on point.


----------



## SmithOp (Feb 6, 2015)

GetawaysRus said:


> I think the Anthem hack was inevitable.  If you think about it, if you were a hacker, wouldn't you want to try to hack those companies that have the most and the juiciest data?
> 
> 
> 
> ...




Govt agencies have the highest security because our tax dollars pay for it.  Too many companies are profit driven and cut corners on IT systems.  Google NIST and FEDRamp for the latest govt security standards.


Sent from my iPad using the strange new version of Tapatalk


----------



## DeniseM (Feb 6, 2015)

The data thieves are already sending phishing emails directly to Anthem  members - and they look very authentic:

(*Anthem *is* going to send members more info., but they are going to SNAIL MAIL it, so if you get any emails directly from Anthem, you should assume that they are fraudulent.)


----------



## DeniseM (Feb 6, 2015)

How to place a fraud alert with the 3 National Credit Reporting Companies:  http://www.consumer.ftc.gov/articles/0275-place-fraud-alert

After I completed the first fraud report with Equifax, I got a message saying they would send the report to the other two companies.

Once I get the letter from Anthem, I may or may not accept their offer, depending on what it is.  I'm not crazy about Lifelock, so if that is what they are going to offer, I may pass.


----------



## bogey21 (Feb 6, 2015)

Not sure I am right about this but I think free Fraud Alerts with the Credit Reporting Agencies last for only 90 days.  I feel more secure with the freezes I put on my accounts with the 3 Agencies a couple of years ago.  They last forever and cost between $10 and $12.50 for each Agency depending what State you live in.

George


----------



## DeniseM (Feb 6, 2015)

You can renew the alert after 90 days, for another 90 days.  

On the Equifax website, there weren't any other options offered - if you know how to access that, please post a link.

*I googled it, and found a form to fill out and mail with a $10 payment.

Mailing a form with all our sensitive info. on it, seems risky itself.  
I think I will wait and see what Anthem is going to offer us, before I decide if I'm going to do this.


----------



## DeniseM (Mar 24, 2015)

They got us - a credit card showed up in the mail this weekend that neither of us applied for, and when DH called the CC company, they confirmed that "someone" [used] the CC on March 18th.  

We have turned it over to the credit protection agency that Anthem Blue Cross is providing to their members:  All Clear Secure.

We froze our credit with the 3 credit bureaus as soon as Anthem got hacked, so not sure how a credit card application got through.  

So annoying!


----------



## tante (Mar 24, 2015)

DeniseM said:


> They got us - a credit card showed up in the mail this weekend that neither of us applied for, and when DH called the CC company, they confirmed that "someone" applied for the CC on March 18th.
> 
> We have turned it over to the credit protection agency that Anthem Blue Cross is providing to their members:  All Clear Secure.
> 
> ...



Which card was it? You may be able to narrow down to which credit bureau they got through. Them you call them and complain.


----------



## DeniseM (Mar 24, 2015)

tante said:


> Which card was it? You may be able to narrow down to which credit bureau they got through. Them you call them and complain.



It was a VISA affiliated with a cell phone company, which we have never done business with.

We have turned it over to All Clear Secure, and they are supposed to handle everything - Anthem Blue Cross is providing this service to their customers.


----------



## tante (Mar 24, 2015)

DeniseM said:


> It was a VISA affiliated with a cell phone company, which we have never done business with.
> 
> We have turned it over to All Clear Secure, and they are supposed to handle everything - Anthem Blue Cross is providing this service to their customers.



My mom was part of the anthem hack. I will have her sign up for all clear.


----------



## DeniseM (Mar 24, 2015)

tante said:


> My mom was part of the anthem hack. I will have her sign up for all clear.



Here is the info:  



> All Clear SECURE: The team at AllClear ID is ready and standing by if you need identity repair assistance. This service is automatically available to you with no enrollment required. If a problem arises, simply call 1-877-263-7995 and a dedicated investigator will do the work to recover financial losses, restore your credit and make sure your identity is returned to its proper.



This is part of a long email from Anthem, which she should have received.

More info:  https://www.allclearid.com/about/faq/


----------



## Pat H (Mar 24, 2015)

I have gotten 2 letters from Anthem although I don't ever remember being in their network.


----------



## x3 skier (Mar 24, 2015)

Since I got All Clear in the Home Depot hack, the Anthem All Clear is tacked onto that so I now have about three more years of free protection.

At this rate I probably will have free credit protection for the rest of my life. 

So far, I've had existing credit cards compromised and handled by the issuing bank but nothing remotely associated with new credit cards, loans, etc. 

Cheers


----------



## uop1497 (Mar 24, 2015)

I received the notification letter from Blue Cross yesterday. 

I just wonder what to do next. There is no mention about All clear secure contact number in the letter. 

Besides obtain a credit history report to check for unusual activities, is there any thing else I can do to protect ourselves?


----------



## DeniseM (Mar 24, 2015)

uop1497 said:


> I received the notification letter from Blue Cross yesterday.
> 
> I just wonder what to do next. There is no mention about All clear secure contact number in the letter.
> 
> Besides obtain a credit history report to check for unusual activities, is there any thing else I can do to protect ourselves?



-You can contact the 3 credit bureaus and freeze your credit:

How to place a fraud alert with the 3 National Credit Reporting Companies:  http://www.consumer.ftc.gov/articles/0275-place-fraud-alert

-Click here for all the info. about All Clear:   https://www.allclearid.com/about/faq/


----------



## Sea Six (Mar 24, 2015)

DeniseM said:


> They got us - a credit card showed up in the mail this weekend that neither of us applied for, and when DH called the CC company, they confirmed that "someone" applied for the CC on March 18th.
> 
> We have turned it over to the credit protection agency that Anthem Blue Cross is providing to their members:  All Clear Secure.
> 
> ...



The problem is the credit cards someone applied for using your identity that were mailed to THEIR address, not yours.  That is why you need to monitor the credit agencies, just to see what accounts are open in your name.


----------



## theo (Mar 24, 2015)

tante said:


> My mom was part of the anthem hack. I will have her sign up for all clear.



Anthem is actually the parent company to numerous _*other*_ large entities besides BlueCross, so the hack of inadequately protected personal information is more problematic than many even currently comprehend.

According to a letter recently received by my 90 year old mother, whose health insurance (not Blue Cross, but another entity under the Anthem banner) the hack reportedly commenced in December, 2014. How or why its' discovery and / or reporting to those potentially impacted took several months frankly escapes me.


----------



## tante (Mar 24, 2015)

theo said:


> Anthem is actually the parent company to numerous _*other*_ large entities besides BlueCross, so the hack of inadequately protected personal information is more problematic than many even currently comprehend.
> 
> According to a letter recently received by my 90 year old mother, whose health insurance (not Blue Cross, but another entity under the Anthem banner) the hack reportedly commenced in December, 2014. How or why its' discovery and / or reporting to those potentially impacted took several months frankly escapes me.



They may not have know they were hacked for several months and then spent time trying to determine the scope.


----------



## DeniseM (Mar 24, 2015)

Sea Six said:


> The problem is the credit cards someone applied for using your identity that were mailed to THEIR address, not yours.  That is why you need to monitor the credit agencies, just to see what accounts are open in your name.



The things is, when you put a freeze on your credit, they aren't supposed to be able to open credit in your name!


----------



## tante (Mar 24, 2015)

DeniseM said:


> The things is, when you put a freeze on your credit, they aren't supposed to be able to open credit in your name!



Exactly. They are supposed to call you if you try to open a line of credit.


----------



## PStreet1 (Mar 24, 2015)

uop1497 said:


> I received the notification letter from Blue Cross yesterday.
> 
> I just wonder what to do next. There is no mention about All clear secure contact number in the letter.
> 
> Besides obtain a credit history report to check for unusual activities, is there any thing else I can do to protect ourselves?



My husband got a letter from Anthem; I didn't.  I called Anthem to discuss why one of us would get the letter and not the other since, obviously, the credit is intertwined.  They said I could sign up for the 3 year protection without having received the letter; it's open to anyone who has ever been an Anthem customer, and you need not have received the letter.  We both signed up.


----------



## DeniseM (Mar 24, 2015)

More exciting news:  The thieves had already maxed out the cash advance limit on the credit card - $7,000.


----------



## Fern Modena (Mar 24, 2015)

Kaiser? The Veterinary hospital? Oh wait, that isn't being very kind to dogs and cats.

Fern



camachinist said:


> Haven't heard anything from them. Been a customer for about 15 years. New Obamacare customer so both Covered CA and Anthem got some personal information. That's life I guess. It's either them or Kaiser.


----------



## uop1497 (Mar 24, 2015)

PStreet1 said:


> My husband got a letter from Anthem; I didn't.  I called Anthem to discuss why one of us would get the letter and not the other since, obviously, the credit is intertwined.  They said I could sign up for the 3 year protection without having received the letter; it's open to anyone who has ever been an Anthem customer, and you need not have received the letter.  We both signed up.



Thank you for good inputs.

 Only DH received the letter in our family. Our children was covered under his insurance plan. Will this incident affect them as well.

 I do not quite understand about 3 year protection plan. Can someone please clarify (which company and how we get protection ) . I do not recall any explanation regarding 3 years protection mentioned in the letter .

If we need to apply for a new credit card within that 3 years, how it will work.  I am thinking placing a freeze on our credit history is easy, but it will made a big impact if we need to apply for a new credit card. Thank you.


----------



## DeniseM (Mar 24, 2015)

1)  Anthem is providing a free credit recovery/protection service to people who may have been impacted by the security breach (All Clear ID.)  The entire family is covered. 

Click here for all the details ->>>> https://www.allclearid.com/about/faq/

2)  When there is a freeze on your credit, the credit bureau is supposed to contact you, when there is any type of credit application in your name.

Click here for all the details ->>>> http://www.consumer.ftc.gov/articles/0275-place-fraud-alert


----------



## MuranoJo (Mar 24, 2015)

That's strange--neither of us has received anything in the mail since the first email alert.  DH said he read the other day that it may affect just one arm of Anthem-BC.


----------



## SmithOp (Mar 24, 2015)

We got emails and letters, we have CalPers NetValue healthcare, which is apparently Anthem.  We had to pay the $10 fee each to freeze credit.  They are only covering the basic All Clear plan, there is a pro plan offer too for a cost.  


Sent from my iPad using the strange new version of Tapatalk


----------



## theo (Mar 25, 2015)

SmithOp said:


> We got emails and letters, we have CalPers NetValue healthcare, which is apparently Anthem.  We had to pay the $10 fee each to freeze credit.  They are only covering the basic All Clear plan, *there is a pro plan offer too for a cost*.



...and for the above mentioned "pro plan", cost aside, you must submit all of your personal information all over again --- not exactly comforting in the immediate aftermath of a data breach. Who's to say that the "protective" entity is even any better at protecting personal information than the hacked entity was?


----------



## pedro47 (Mar 25, 2015)

MuranoJo said:


> That's strange--neither of us has received anything in the mail since the first email alert.  DH said he read the other day that it may affect just one arm of Anthem-BC.



We received our two (2) page letter in the mail on 3/24/2015 from Anthem-BC.


----------



## SmithOp (Mar 25, 2015)

theo said:


> ...and for the above mentioned "pro plan", cost aside, you must submit all of your personal information all over again --- not exactly comforting in the immediate aftermath of a data breach. Who's to say that the "protective" entity is even any better at protecting personal information than the hacked entity was?




Ugh, dont get me started, they just used a third party to verify dependent eligibility and I had to send  info to them because CalPers staff was too damn lazy or inept to look in their own records. Every time I have a claim they send me an affidavit I have to sign that I dont have secondary insurance.


Sent from my iPad using the strange new version of Tapatalk


----------



## Sea Six (Mar 25, 2015)

SmithOp said:


> We got emails and letters, we have CalPers NetValue healthcare, which is apparently Anthem.  We had to pay the $10 fee each to freeze credit.  They are only covering the basic All Clear plan, there is a pro plan offer too for a cost.
> 
> 
> Sent from my iPad using the strange new version of Tapatalk



According to the letter we got from Anthem, there is no cost for the Pro Plan.  For the first 2 years, you enter a redemption code when prompted for the fee, which zeroes out your cost.  If you stay past the 2 year free period, then there is a monthly service fee:

"For additional protection, and at no cost, affected U.S. individuals may also enroll in the AllClear PRO service at any time during the next 24 months. This service includes credit monitoring and an identity theft insurance policy. You may sign up online at https://anthem.allclearid.com/PRO using the following redemption code:  XXX-YYYY-ZZZZZ"


----------



## suzanne (Mar 25, 2015)

DH and I just got letters in the mail from Premera Blue Cross telling us they had ben hacked and our information was included in the hack. We have not had Premera Blue Cross for at least 7 years. We both have Humana Medicare plans. Funny thing is that we moved 4 years ago and yet the letters came to our new address. Makes me wonder how long they keep the info about you on file and how they manage to keep track of you after 7 years of not being a member of their company.

Suzanne


----------



## Sea Six (Mar 25, 2015)

DeniseM said:


> The things is, when you put a freeze on your credit, they aren't supposed to be able to open credit in your name!



That's IF you freeze your account.  Point is, even if you're not part of this Anthem hack, or did not freeze your credit, new accounts can be opened under your name when your identity is known.  Credit cards will be issued without you knowing anything about it - UNLESS you check your credit report.


----------



## DeniseM (Mar 25, 2015)

I froze my accts at the 3 credit bureaus as soon as we heard about the security breach and they managed to open a cc acct. in our name anyway.  

Sent from my BNTV400 using Tapatalk


----------



## geekette (Mar 25, 2015)

suzanne said:


> DH and I just got letters in the mail from Premera Blue Cross telling us they had ben hacked and our information was included in the hack. We have not had Premera Blue Cross for at least 7 years. We both have Humana Medicare plans. Funny thing is that we moved 4 years ago and yet the letters came to our new address. Makes me wonder how long they keep the info about you on file and how they manage to keep track of you after 7 years of not being a member of their company.
> 
> Suzanne



Remember the ole lifetime caps ins cos imposed?  They keep track of you in case you have insurance with them again to be sure you don't go over the max cap.  I found this out some years back when I came under same umbrella as insurer I'd previously had and the "remaining lifetime benefit" was not the same number as Lifetime Max Benefit.  I had always assumed "life of this policy" vs my actual lifetime.


----------



## geekette (Mar 25, 2015)

DeniseM said:


> I froze my accts at the 3 credit bureaus as soon as we heard about the security breach and they managed to open a cc acct. in our name anyway.
> 
> Sent from my BNTV400 using Tapatalk



The hack occurred long before we found out about it.  The thieves had time.


----------



## DeniseM (Mar 25, 2015)

geekette said:


> The hack occurred long before we found out about it.  The thieves had time.



The credit card was issued this week - brand new.  I froze our Accts. the first week of February, so hard to figure.


----------



## rapmarks (Mar 25, 2015)

Ann-Marie said:


> When is Medicare going to stop using Social Security numbers for your ID number?  If you are on Medicare, you walk around with your social security number all the time.


when my wallet was stolen, my medicare card was there, also drivers license so they have all the information they need if they choose to .  I hope they only wanted my  cash


----------



## geekette (Mar 25, 2015)

DeniseM said:


> The credit card was issued this week - brand new.  I froze our Accts. the first week of February, so hard to figure.



Aye, that is a strange timeline, I agree, should not have happened.  What say the freezers?  Presumably it is possible to issue credit on a frozen account OR they got around the freeze.  

Please keep us updated as maybe frozen is not the solid state we thought it was supposed to be.


----------



## DeniseM (Mar 25, 2015)

I'm supposed to get a report back in 3 days, and I will post the results.


----------



## presley (Mar 25, 2015)

DeniseM said:


> I'm supposed to get a report back in 3 days, and I will post the results.



I'll be interested to hear as I have had my identity stolen this year and put a security freeze on all 3 credit reports, but my credit monitoring service only shows that one has done that so far. Maybe the credit bureaus are really slow. Mine was little different in that I had to mail in a police report (to get my freezes put in place for free). So, maybe that is part of the lag with mine, but I think they are just in no hurry.


----------



## tante (Mar 25, 2015)

presley said:


> I'll be interested to hear as I have had my identity stolen this year and put a security freeze on all 3 credit reports, but my credit monitoring service only shows that one has done that so far. Maybe the credit bureaus are really slow. Mine was little different in that I had to mail in a police report (to get my freezes put in place for free). So, maybe that is part of the lag with mine, but I think they are just in no hurry.



Just to add to the above:
Anyone can post a freeze on their account for a small fee (usually $5 to $10 plus there can be another fee to remove) but it can be free if you are the victim of identity theft.


----------



## dioxide45 (Mar 25, 2015)

DeniseM said:


> The credit card was issued this week - brand new.  I froze our Accts. the first week of February, so hard to figure.



Is the credit card with a company you already have credit with? Perhaps they just approved the card based on your current relationship and didn't pull credit? I don't know if companies even do that?


----------



## DeniseM (Mar 25, 2015)

dioxide45 said:


> Is the credit card with a company you already have credit with? Perhaps they just approved the card based on your current relationship and didn't pull credit? I don't know if companies even do that?



No - it was issued by a bank we have never done any kind of business with, and affiliated with a cell phone services that we've never had.


----------



## DeniseM (Mar 31, 2015)

Update on the Anthem hack from another thread:



LisaRex said:


> How awful.
> 
> I had my identity stolen by the Anthem (Blue Cross) data breach.  They used my and my husband's SSNs and filed a fake return with the IRS.  When I tried to e-file my tax return last week, I was notified that the IRS had already accepted a return with our SSNs.  Ruh roh.




If you are caught up in the Anthem mess, or any type of identity theft, here is the info. to report it to the IRS:



> If you become the victim of identity theft outside the tax system or believe you may be at risk due to a lost/stolen purse or wallet, questionable credit card activity or credit report, etc., you are encouraged to contact the IRS at the Identity Protection Specialized Unit, toll-free at* 1-800-908-4490* so we can take steps to further secure your account.



MORE INFO:  http://www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft

Our ID was also stolen in the Anthem mess, and the date thieves used it to open some kind of online bank Acct., and get a debit card, and take a $7,000 cash advance.  I found out that this type of activity (debit card - not credit card) does not go through the Credit Bureaus - it goes through a similar agency for bank security, called CHEX - where you can also file a report:



> Consumer Report Security Freeze. This will prohibit ChexSystems from releasing any information in your consumer file without your express authorization, meaning you have to contact ChexSystems and lift the freeze in order for your information to be released (much like placing a freeze with the credit reporting agencies). You should be aware that taking advantage of this right may delay or prevent timely approval from any user of your consumer report that you wish to do business with. The third party will receive a message indicating that you have blocked your information. To set the Consumer Report Security Freeze, call 800-887-7652 or visit ConsumerDebit.com.


----------



## presley (Mar 31, 2015)

DeniseM said:


> Our ID was also stolen in the Anthem mess, and the date thieves used it to open some kind of online bank Acct., and get a debit card, and take a $7,000 cash advance.  I found out that this type of activity (debit card - not credit card) does not go through the Credit Bureaus - it goes through a similar agency for bank security, called CHEX - where you can also file a report:



That's a real bummer! We just had to open a new account at our long time credit union where they know us because they see us every week. They holler our names with a Hello across the whole place when we walk in. We had to give them our IDs to copy to open another account and we both had to be there in person because of the patriot act. It doesn't matter that they've known us forever.

It figures these scammers would know how to open an online bank account. Was it even in the US? Who is liable for all that stuff?


----------



## DeniseM (Mar 31, 2015)

presley said:


> That's a real bummer! We just had to open a new account at our long time credit union where they know us because they see us every week. They holler our names with a Hello across the whole place when we walk in. We had to give them our IDs to copy to open another account and we both had to be there in person because of the patriot act. It doesn't matter that they've known us forever.
> 
> It figures these scammers would know how to open an online bank account. Was it even in the US? Who is liable for all that stuff?



The card issuer did not give us any of the details, but it was a US Bank, and the debit card was affiliated with a cell phone company.  We have never done business with either one.


----------



## bogey21 (Mar 31, 2015)

presley said:


> I'll be interested to hear as I have had my identity stolen this year and put a security freeze on all 3 credit reports, but my credit monitoring service only shows that one has done that so far. Maybe the credit bureaus are really slow. Mine was little different in that I had to mail in a police report (to get my freezes put in place for free). So, maybe that is part of the lag with mine, but I think they are just in no hurry.



The reason for the slowness may be because you were taking advantage of the "free" 90 day freezes.  I know that when I paid the $10 each for permanent freezes a couple of years ago they were all set up in less than 24 hours.

George


----------



## Talent312 (Mar 31, 2015)

First thing to do is do a 90-day "fraud-alert" w/one of the credit agencies.
It's free, nearly instantaneous, and they spread it to the other agencies.
You can follow that up with a "freeze" with each. It can be lifted as needed.

----------------
Of major-bank CC issuers I've used over the years, Cap-One is the most pro-active.
They've denied my CC at grocery stores 2x (they text you to verify the charge).
Recently, w/about 10 days notice, they closed the account and issued a new card.
"May have been..." It's been quite annoying, but it's nice that they're so vigilant.


----------



## DeniseM (Mar 31, 2015)

Talent312 said:


> First thing to do is do a 90-day "fraud-alert" w/one of the credit agencies.
> It's free, nearly instantaneous, and they spread it to the other agencies.
> You can follow that up with a "freeze" with each can be lifted as needed.



We did that immediately, but it doesn't stop bank related and IRS related fraud.


----------



## DeniseM (Apr 1, 2015)

I just learned that a Fed. tax return has been filed under my DH's social security number by the identity thieves.  (Yes, that means that they probably got a of money from the IRS - we were paying - not getting money back.)

Here is a link to the form to fill out for the IRS -  if you are or have been an Anthem customer - don't wait - be proactive:  http://www.irs.gov/pub/irs-pdf/f14039.pdf

Our Tax people directed us to file a hard copy of our tax return, and to include the Identity theft form with the tax return, and check.

*No - this is not an April Fools Joke - I wish!


----------



## DeniseM (Apr 1, 2015)

So, I'm guessing that they used the bogus refund to open the online VISA Debit card in my DH's name, and then cashed out the debit card....


----------



## bogey21 (Apr 1, 2015)

DeniseM said:


> I just learned that a Fed. tax return has been filed under my DH's social security number by the identity thieves.  (Yes, that means that they probably got a of money from the IRS - we were paying - not getting money back.).



You are fortunate that you are not looking to get money back.  A friend of mine was notified by the IRS that they were auditing her 2014 Return (that she had not yet filed).  They told her the reason was that historically she had filed jointly with her husband and that her 2014 Return was (fraudulently) filed using only her SSN.  The IRS said that although they caught it she would have to file a bunch of paperwork and could expect their (her and husband's) tax refund to be delayed up to 15 months!!

George


----------



## Talent312 (Apr 1, 2015)

I hate to see identity theft happen to anyone.
Whether we transact business online or not, our data is out there, which puts us all at risk.

Thieves who rob us of our financial security are IMHO, worse than burglars who take stuff.

--------------------


----------



## MuranoJo (Apr 2, 2015)

DeniseM said:


> I just learned that a Fed. tax return has been filed under my DH's social security number by the identity thieves.  (Yes, that means that they probably got a of money from the IRS - we were paying - not getting money back.)
> 
> Here is a link to the form to fill out for the IRS -  if you are or have been an Anthem customer - don't wait - be proactive:  http://www.irs.gov/pub/irs-pdf/f14039.pdf
> 
> ...



Oh geez, what next?  Sorry this has happened to you.

We still haven't received any hardcopy mail from BCBS, so we're hoping we were in an area that wasn't affected.  Checking accounts daily.


----------



## theo (Apr 2, 2015)

Talent312 said:


> I hate to see identity theft happen to anyone.
> Whether we transact business online or not, our data is out there, which puts us all at risk.
> 
> Thieves who rob us of our financial security are IMHO, worse than burglars who take stuff.



I agree wholeheartedly with every word expressed above.

Words fail me in describing how irritating it is that entities such as Anthem, possessing a massive amount of intimate personal information on many thousands of people, have clearly put too little effective effort into the actual protection and security of that data.  We're not talking about rocket science or moon launches here, people. 

My 90 year old mother, as an impacted example, has never had an online transaction in her life and would never even consider it. Nonetheless, compliments of Anthem's obvious and inexcusable lack of adequate data security measures, her SSN, DOB, address, phone number, etc. are all now out there in the hands of who-knows-who (or how many) people of obvious ill intent, located who-knows-where, for who-knows how long into the future. I'm doing anything and everything possible to help "close the barn door after the horse has gone", but it was plainly *Anthem's responsibility* to have properly secured *its' own* barn door in the first place.  :annoyed:

Denise's above-described (and ongoing) dilemma is the worst case scenario and I feel for her, but she and hubby obviously have the smarts,  focus and energy to tackle it and deal with it as necessary, despite being involuntarily put in that unwelcome position in the first place. But what exactly is an elderly person (who just happens to have an insurance card from one of many Anthem sub-entities) who *has* no personal advocate, little or no computer savvy (and maybe no awareness yet of bad events already having occurred) supposed to do in the face of fraudulent tax returns, new credit cards or bank accounts having been opened, purchases made, cash withdrawn, etc.? To just casually refer any such Greatest Generation elders to assorted web site URL's is unacceptable, inadequate and a real disservice to their former sacrifices and societal contributions. My late and great Dad, a decorated WWII veteran and self-made, successful man, had never touched a computer in his entire life.  

I find myself wondering if Federal legislation with real teeth and hefty monetary penalties for non-compliance might better "motivate" such companies to implement proper and effective data security measures. Yeah, I know, "more unwelcome government intrusion, blah, blah, blah" ---- a knee-jerk reaction and a valid objection. *But*......wouldn't a multi-million dollar fine imposed here and there provide some real, substantive "motivation" to security-lazy companies that, absent any such "motivation" being currently in place, apparently choose to think only with their balance sheets instead of with their brains? Perhaps they need something that very directly and promptly impacts their bottom line via an expensive (and entirely avoidable) "dope slap" that *hits them and hurts right where it really "counts"*.

Personally, I am not particularly impressed by Mickey Mouse (IMnsHO) "All Clear", "Life Lock", and similar third party efforts made (...for a price) after the fact. 
Instead, I'd like to read a whole lot more about energetic, preventative, competent, proactive (even mandatory) data security efforts. But maybe that's just me. 

Rant now concluded. Thanks for "listening" --- if you even got this far.


----------



## Tia (Apr 2, 2015)

An ounce of prevention is worth a pound of cure as they say! Criminals can keep your information for years and the little bit of credit monitoring they pay for is peanuts compared to the mess they have created for people down the road. 



theo said:


> I agree wholeheartedly with every word expressed above.
> 
> Words fail me in describing how irritating it is that entities such as Anthem, possessing a massive amount of intimate personal information on many thousands of people, have clearly put too little effective effort into the actual protection and security of that data.  We're not talking about rocket science or moon launches here, people.
> 
> ...


----------



## dioxide45 (Apr 5, 2015)

We have Anthem coverage and have had so for a several years. We have had several notices and articles from our employer on the breach, but to date we haven't received anything from Anthem in e-mail or snail mail. Not sure why.

I was concerned that we might have issues like Denise as we hadn't filed our taxes yet. Though I just e-filed yesterday and the return was accepted by the IRS. So I guess that means that a return hasn't been fraudulently filed in either of our names? Is your e-filed return rejected if someone did fraudulently file a return?


----------



## DeniseM (Apr 5, 2015)

The return is immediately rejected, if the social security number has already been used.

If I were you, I'd be proactive, and freeze my credit with the credit bureaus, and the CHEX (banking) system, and also sign up for All Clear ID.


----------



## Ken555 (Apr 5, 2015)

I just received the letter from Anthem. I supposed I was last since I switched to another provider a few years ago. What fun. I already monitor my credit, so not sure if I'm going to do anything just yet tho will review options.


Sent from my iPad


----------



## DeniseM (Apr 5, 2015)

It must go way back, because I got a letter from Anthem under my current insurance, and another one from a policy I had with them more than 17 years ago.


----------



## PamMo (Apr 6, 2015)

Denise, I feel your pain. I just got a letter from the IRS that our tax refund has problems with direct deposit. How odd, since we haven't filed yet. The IRS confirmed that someone filed a fraudulent tax return, but it was flagged because too many refunds were going into one account (the limit is three). With much aggravation, we've hopped on the identity theft victim train with you and countless others. What a headache.

BTW, we've never been a client of Anthem, though, so who knows where the criminals got our information. Grrrrrrrr......:annoyed:


----------



## camachinist (Apr 6, 2015)

The IRS angle will be an interesting one to report back on once I get everything done this week. 

I wonder if the IRS flags a return that comes in as a 1040EZ where I've been filing long form with SchedC  and SchedE for nearly 30 years? Guess I'll find out. So far no issues with the credit reporting agencies and I've been an Equifax subscriber for over a decade so have some track record on how they report anomalies. I guess it's time for a tri-merge again. 

Looks like the health care industry was/is a good back door for crackers.


----------



## SDKath (Apr 15, 2015)

Joining this illustrious club. We've been "breeched" with a fraudulent tax filing (1040EZs).

Does anyone know if we signed up with the Anthem credit monitoring for free if they freeze your accounts for 90 days automatically or do we have to do it ourselves.

Also, we want to do the extended 7y freeze.  But we need to file a police report to do so.  Is there any specific proof aside from what the accountant told us (and the refund check) that we would need to make the police report?  Did you just call the local police station and ask to file a report?

Thanks all!  Katherine


----------



## b2bailey (Apr 15, 2015)

Theo -- as I was reading your post it occurred to me that many elderly people are no longer required to file an income tax return due to lower income levels. And so...if this fraudulent IRS activity were to take place using their SS # it is possible it would never be discovered.


----------



## camachinist (Apr 15, 2015)

I filed Monday using TurboTax online per usual and both state and fed accepted my returns and I haven't gotten any adverse responses as of yet. Nothing remarkable on the tri-merge. So far I guess I got lucky.


----------



## theo (Apr 16, 2015)

b2bailey said:


> Theo -- as I was reading your post it occurred to me that many elderly people are no longer required to file an income tax return due to lower income levels. And so...if this fraudulent IRS activity were to take place using their SS # it is possible it would never be discovered.



True enough, although in my 90 year old mother's case her assets are quite substantial, thanks to the considerate advance planning of my late Dad, and definitely require annual tax filings, both state and federal.

I personally oversee all of her investment accounts and tax affairs now; no IRS issues have arisen to date (knocking on wood). In her case, my bigger concern is the potential use of pilfered, detailed identity info (thanks again, Anthem) to try to access and withdraw from any of her assorted accounts while "pretending" to be her.


----------



## Tia (Apr 16, 2015)

Going to guess you better freeze your own credit ....... as when in doubt best to find out or just take action



SDKath said:


> Joining this illustrious club. We've been "breeched" with a fraudulent tax filing (1040EZs).
> 
> Does anyone know if we signed up with the Anthem credit monitoring for free if they freeze your accounts for 90 days automatically or do we have to do it ourselves.
> 
> ...


----------



## presley (Apr 16, 2015)

SDKath said:


> Also, we want to do the extended 7y freeze.  But we need to file a police report to do so.  Is there any specific proof aside from what the accountant told us (and the refund check) that we would need to make the police report?  Did you just call the local police station and ask to file a report?



Call your local station and tell them you want to file a stolen identity report. They will let you know if they need copies of anything. A few days after they finish the report, you can go there and buy a copy of it. Nothing is fast or free.

Depending on your state, it may be worth it to just pay the $10. for the permanent freezes, unless you feel the damage is already done and you aren't in any hurry now.


----------



## bogey21 (Apr 16, 2015)

Bite the bullet and pay the $10 to each of the 3 Credit Reporting Agencies for permanent freezes.  I did this about 3 years ago and have never regretted the expenditure.  Twice I have had to temporarily remove the freeze (once at Experian and once at Equifax) for 24 hours periods (once for a new cell phone account and once to renew an automobile lease).  All it took was a phone call making sure I had  the 8 digit code provided by the Agency in hand.  After the 24 hours "exposures" were over I received emails telling me that my freeze had been reinstated.  Smooth as silk.

George


----------



## swditz (Apr 16, 2015)

interesting segment on the news today. they were reporting instances of identities being used to receive health care from hospitals that eventually get billed to the real person. These bills can be very large and take awhile to surface. Being health accounts that were hacked they give the hackers a lot of information about the individuals health background, insurance id numbers etc.


----------



## theo (Apr 16, 2015)

bogey21 said:


> Bite the bullet and pay the $10 to each of the 3 Credit Reporting Agencies for permanent freezes.  <snip>



It was even less when I went through this drill on my mother's behalf a few weeks ago now. One charged $5, one charged $10, one charged nothing at all --- I have no recollection of which was which. I think that fees vary from state to state as well; my mother lives south of me, in Massachusetts.


----------



## bogey21 (Apr 16, 2015)

theo said:


> It was even less when I went through this drill on my mother's behalf a few weeks ago now. One charged $5, one charged $10, one charged nothing at all --- I have no recollection of which was which. I think that fees vary from state to state as well; my mother lives south of me, in Massachusetts.



Nothing is foolproof but locking out (freezing) accounts at the 3 Credit Reporting Agencies is a huge step in the right direction and the price is right.  I understand that some will think it is a hassle when you want someone legitimate to check your credit but it really isn't.  

Let's say you want to change your car insurance from State Farm to Allstate.  All you have to do is ask Allstate which of the Agencies they are going to use; call and remove your freeze for 24 hours (longer if you want); and you are done.  It should take two 2 minute phone calls at the worst.  At the expiration of the freeze removal the Credit Reporting Agency will send you an email telling you that your freeze has been reestablished.

George


----------



## LisaRex (May 10, 2015)

We had our identities stolen by thieves who filed taxes.  What irks me is that the government issues refunds without verifying ANY data.  That is recklessly stupid.  It allows fraudsters to simply make up data, knowing that the IRS, like mindless monkeys, will write them a check, no questions asked. 

My Credit card company has its act together, so much that they've caught, and stopped, several instances of fraud well before I would have ever noticed.  In contrast, our federal government doesn't even do the simplest match, such as a W2 data match, because they issue refunds before they even have the data.  Sorry, that is the stupidest system on earth. 

ANY one of these things should thrown up a red flag to an entity that employs the most basic security:  

*New address - we hadn't moved in 20 years. 

*Refund - we hadn't gotten a refund in 25 years.  We NEVER over-withhold, by design. We ALWAYS owe money...because we always have investment income that we owe taxes on. 

*Early filing - we've filed no earlier than late February in every year that we've filed.  In the last 3 years, we've filed in late March/early April.  We've never filed in January. 

*W2/Investment income - We've reported investment income since we've started filing. The lack of investment income should have triggered a red flag. Or, if the fraudsters simply made up investment information, that should have triggered a red flag because we wouldn't have had the 1099 that early. 

The trouble is that our Congressmen have passed laws telling the IRS that they need to issue refunds with x days.  That makes sense if people are due legitimate refunds, but it makes no sense when faced with unprecedented number of fraudulent filings.  They need to repeal that law, then they need to push back the filing date until the IRS has data in their hot little hands -- data needed to do the simplest match, such as W2 earnings.


----------



## SmithOp (May 10, 2015)

The IRS recommends you sign up for an identity protection pin that must be provided to file with. Once we found out the Anthem hack included us we submitted the affidavit.  Once its active you have to use it every year, auto renews.  Its mailed out in early January


----------



## Tia (May 10, 2015)

The internet has made things easier but also riskier, no doubt about it. Seems like there is a new rash of fraud in tax filing from reading here. Didn't they cut the budget of the IRS maybe that has caused some of it, not enough people doing the real thinking work. How do the criminals figure all this stuff out ? Guess it's a full time job for them...


----------



## LisaRex (May 10, 2015)

SmithOp said:


> The IRS recommends you sign up for an identity protection pin that must be provided to file with. Once we found out the Anthem hack included us we submitted the affidavit.  Once its active you have to use it every year, auto renews.  Its mailed out in early January



We had a PIN that we used with TurboTax.  The IRS allows you to bypass the PIN if you know last year's AGI.  Guess what information Anthem also had on file?  Yup.  Last year's AGI.  (Obamacare related.) 

To be clear, this wasn't the work of some small town hacker.  This was a well-oiled, well-versed machine.  They stole the data late last year and had already filed returns before many people had even gotten the notification from  Anthem that their information had been stolen. They recruited college kids via Craigslist to be mules. Because a foreign bank account would set up a red flag, they had these kids open domestic checking accounts into which they funneled the refunds. The proxies kept a percentage as payment for transferring the rest to (reportedly) Nigeria.  Home of Boko Haram.  

You know what's worse than writing out a $10,000 check to the IRS? Knowing that the check may not even offset what was stolen by these heartless, brutal criminals.  I'd have rather thrown my hard-earned money into the river.


----------



## SmithOp (May 10, 2015)

Agree completely, I wrote the same check.   I started a return in Jan to figure out my final estimated payment, used Taxcut online version.  Two days later I got an email for filing my Minnesota taxes, I live in CA.


----------



## PamMo (May 11, 2015)

LisaRex said:


> We had a PIN that we used with TurboTax.  The IRS allows you to bypass the PIN if you know last year's AGI.  Guess what information Anthem also had on file?  Yup.  Last year's AGI.  (Obamacare related.)
> 
> To be clear, this wasn't the work of some small town hacker.  This was a well-oiled, well-versed machine.  They stole the data late last year and had already filed returns before many people had even gotten the notification from  Anthem that their information had been stolen. They recruited college kids via Craigslist to be mules. Because a foreign bank account would set up a red flag, they had these kids open domestic checking accounts into which they funneled the refunds. The proxies kept a percentage as payment for transferring the rest to (reportedly) Nigeria.  Home of Boko Haram.
> 
> You know what's worse than writing out a $10,000 check to the IRS? Knowing that the check may not even offset what was stolen by these heartless, brutal criminals.  I'd have rather thrown my hard-earned money into the river.



Same thing happened to us, but the IRS flagged the return and contacted us because too many returns were being sent to the same bogus bank account. The IRS won't send more than three refunds to the same account.


----------



## MuranoJo (May 24, 2015)

Well, I posted back awhile ago that we hadn't received any notices, but the other day I did.  Thing is, this snail-mail notice came from 'Premera' which claims to be an independent licensee of BCBS.  The letter is dated March 17, yet I didn't receive it until a few days ago.  They said I may have used services in WA and AK at some point since '02.  But I didn't.  Anyway, this particular letter is saying I can get ProtectMyID membership for 24 months, which seems to be different from what others have been offered so far.

I'll check it out further before I sign up (never heard of Premera or ProtectMyId), but just wanted to let others know (as expected) it's still dribbling on.


----------



## SmithOp (May 24, 2015)

We got one too from Primera, never been to WA or AK.  Wife called in and they said it was a blue cross affiliate so they were notifying everyone too. We already activated the Anthem coverage and put the credit lock on so just going to ignore this letter.


----------



## theo (Jun 5, 2015)

*"Highest security" clearly ain't anywhere NEAR good enough...*



SmithOp said:


> *Govt agencies have the highest security because our tax dollars pay for it.*  Too many companies are profit driven and cut corners on IT systems.  Google NIST and FEDRamp for the latest govt security standards.



Clearly, those tax dollars are not being effectively spent in (allegedly) having this "highest security". China has now apparently hacked OPM (the U.S. Government internal employment and benefits agency) and, in so doing, has now successfully obtained any and all personal information possible on *4 million* current and former U.S. Govt. employees, many of whom have or had high level security clearances themselves  in the course of their employment, past or present. Whether or not this pilfered info also includes the pertinent details of all the specific bank accounts into which salaries and / or pensions are direct deposited by OPM will certainly be revealed soon enough. 

Not at all reassuring --- to say the least. I recently read *Cyber War* (by Richard Clarke, formerly of the Clinton administration). His indictment by reporting of facts regarding the woeful lack of sufficient concern, focused effort and consistent attention by our government on cyber-security is, at best, really and truly frightening.


----------



## MuranoJo (Jun 6, 2015)

One of my BILs works for SS and they're pretty upset, to say the least.
After a quick glance at news early today, it sounded like China was 'highly suspected.'

What with all the hackings lately from suspected foreign sources, we are definitely exposed in too many areas.


----------



## jhoug (Jun 15, 2015)

*Totally agree with LisaRex*



LisaRex said:


> We had our identities stolen by thieves who filed taxes.  What irks me is that the government issues refunds without verifying ANY data.  That is recklessly stupid.  It allows fraudsters to simply make up data, knowing that the IRS, like mindless monkeys, will write them a check, no questions asked.
> 
> My Credit card company has its act together, so much that they've caught, and stopped, several instances of fraud well before I would have ever noticed.  In contrast, our federal government doesn't even do the simplest match, such as a W2 data match, because they issue refunds before they even have the data.  Sorry, that is the stupidest system on earth.
> 
> .


and the rest of this thread she wrote. 

We found out my husband's SSN had been already used when we went to file electronically a few days before the deadline (because we were still waiting for forms from ALL our financial institutions), and had to mail our filing with the fraud affidavit.  

Then 2 weeks later got a letter from the IRS addressed to me and someone else I've never heard of at my address to "verify" my identity so taxes could be processed. 

Called rather than using their online verification. Waited 1/2 hr to talk to a real person
Found out they had caught potential fraud in my name and said now won't take the "180 days to process our return".  Asked about my husband's # and then they checked and said "Oh, we didn't catch that one".  Someone had filed Mar 25 and been paid a refund in his # 10 days later. 

A week or so later, got the Fraud letter from Anthem addressed to me.  I never remember having used them either, but I guess we may have had some BXBS product at some time. 

Just 2 weeks ago, finally got the notice from the IRS that they had received my DH fraud affidavit (which I knew they already had because had filed by Certified Mail).  Says may take up to 180 days to process our return. 

Nothing much has changed in the filing from the other years.  They should have caught all of these sooner.  In addition, they should be giving everyone a new PIN to use every year.


----------



## bogey21 (Jun 16, 2015)

I try desperately to make sure I owe the IRS at tax time.  I figure that way if someone has fraudulently filed and received a refund using my SSN, it will be the IRS's problem not mine.  I'll just file and send them a check for the amount I owe and let them sort out the mess themselves.

George


----------



## MuranoJo (Jun 17, 2015)

bogey21 said:


> I try desperately to make sure I owe the IRS at tax time.  I figure that way if someone has fraudulently filed and received a refund using my SSN, it will be the IRS's problem not mine...
> George



+  Yeah, just see if they can get a refund when we owe the IRS.


----------

