Anthem Inc., the second-largest health insurer in the U.S., said hackers broke into the company's database last week and stole personal information for millions of customers and employees.
The health insurer discovered the cyber attack independently last week and disclosed Wednesday that they are working with investigators to determine the extent of the breach, which likely affected "tens of millions."
Included in the data were names, birthdays, Social Security numbers, phone numbers, emails, and employment information.
Anthem, which is the largest for-profit carrier of Blue Cross Blue Shield plans, covers about 37.5 million people, but the hack includes current and former customers, as well as employees.
The company also said the hack could impact up to 80 million people. That would put the attack on track to become one of the largest of all time. Target's hack impacted 40 million payment cards in 2013, while J.P. Morgan's breach affected about 76 million households last year.
Anthem tweeted the following statement about the event:
It was not immediately clear how the hackers were able to access Anthem's database, the company's chief information officer, Thomas Miller told the Wall Street Journal.
The FBI was assisting in the investigation, a spokesman for the agency said.
Meanwhile, Anthem said it was working to inform everyone who may have had personal data stolen during the event and would also set up a credit-monitoring site.
David Damato, who works with the security firm Mandiant that Anthem hired to investigate, called the attack "sophisticated" and said the hackers used specialized techniques. He also said health care companies are increasingly being targeted since they hold a wealth of personal information.
Michelle Broder Van Dyke is a reporter and night editor for BuzzFeed News and is based in Hawaii.
Contact Michelle Broder Van Dyke at firstname.lastname@example.org.
Got a confidential tip? Submit it here.