A story in the California Orange County Register says that some 230,000 customers of Anthem Blue Cross potentially had their personal information exposed by a website security flaw.

The Register says that "only customers who had pending insurance applications in the system are being contacted because information was viewed through an on-line tool that allows users to track the status of their applications."

A spokesperson for Anthem told the paper that the information was accessed by lawyers looking for information in a class action lawsuit against Anthem. Others may also have accessed the information.

According to this AP story, a faulty website upgrade occurred in October 2009, and it was discovered only this spring when Anthem found out that the lawyers had accessed the information.

The Orange County Register published a letter by Anthem giving more details of the problem:

"The ability to manipulate the web address (URL) was available for a relatively short period of time following an upgrade to the system. After the upgrade was completed, a third party vendor validated that all security measures were in place, when in fact they were not. As soon as the situation was discovered, we made the necessary security changes to prevent it from happening again."

Anthem apologized and said it was going to offer a year of identity protection service for free to those customers potentially affected. It also said the lawyers promised not to use the information they had obtained.

What I find interesting is that there is no FBI investigation - at least not yet - of the lawyers' activities in accessing the information like in the AT&T iPad website data breach, or any outcry that the lawyers should have immediately notified Anthem about the website security flaw instead of exploiting it.

A double standard at work here?
