States: Anthem too slow in disclosing breach

Ten U.S. states are complaining that Anthem lagged in telling customers that it was hacked and that the personal information of 80 million people had been stolen.

In a letter, Connecticut Attorney General George Jepsen called on Anthem to reimburse policyholders who experience fraud between the breach and the time they gain access to free credit monitoring, a benefit the company has promised to all affected.


"The delay in notifying those impacted is unreasonable and is causing unnecessary added worry to an already concerned population of Anthem customers," Jepsen wrote on behalf of Connecticut and nine other states.

Anthem has vowed to do all it can to protect consumers whose information — including Social Security numbers — were stolen.

Many customers are now experiencing phishing attacks from fraudsters posing as Anthem and offering free credit monitoring services, a sign of further scams to come, according to experts.

The scams are posing a challenge to Anthem, which notified the media that it will be communicating with affected customers by traditional mail only in order to avoid confusion.

Anthem is also working on a plan to launch the promised credit monitoring and identity repair services.

"We have laid out a thoughtful plan with this vendor so that they can accommodate what we anticipate will be very high demand for these services. We plan to communicate to members very soon, about how exactly they can enroll," the company said in an emailed statement reported by Reuters.

Anthem disclosed the hack last Wednesday after detecting the breach on Jan. 29. Under federal law, healthcare entities have 60 days to report a hack that affects more than 500 people.