Anthem disclosed the attack late Wednesday, saying unknown hackers had penetrated a database with some 80 million records. The insurer said it suspected they had stolen information belonging to tens of millions of current and former customers as well as employees.
Attorneys general of Connecticut, Illinois, Massachusetts, Arkansas and North Carolina are looking into the breach, according to representatives of their offices and internal documents. California's Department of Insurancesaid it will review Anthem's response to the data attack.
Connecticut Attorney General George Jepsen asked Anthem Chief Executive Joseph Swedish to provide by March 4 detailed information about the cyber-attack, the company's security practices and privacy policies, according to a letter obtained by Reuters on Thursday.
"We hope and expect to work in close coordination with other attorneys general," said Jaclyn Falkowski, a spokeswoman for Jepsen.
A source familiar with the probe told Reuters that a possible connection to China was being investigated, and the Wall Street Journal reported that people close to the investigation say some tools and techniques used against Anthem were similar to ones used in previous attacks linked to China.
Late on Wednesday, the FBI said it was looking into the matter but did not discuss suspects.
"As far as China being involved, I don't know," said FBI spokesman Paul Bresson. "I don't think we know yet. Our investigation is ongoing."
On Friday, Anthem officials are scheduled to brief the House Energy and Commerce Committee on the breach.
"This latest intrusion into patients' personal information underscores the increasing magnitude and evolving nature of cybercrimes," Fred Upton, the committee's chairman, said in a statement. "Every business is at risk and American consumers are anxious."
President Barack Obama's cyber-security adviser,Michael Daniel, speaking at a seminar in Washington, called the data breach "quite concerning" and warned consumers to change their passwords and monitor their credit scores.
Connecticut has worked with other states to investigate some of the biggest US data breaches reported to date, including ones at retailers Target Corp and Home Depot Inc. The office of Connecticut's attorney general said Anthem has agreed to two years of credit monitoring for customers there.
A representative for New York Attorney General Eric Schneiderman declined to say whether he planned to work with Connecticut but noted his office had contacted Anthem to discuss protecting its customers in the wake of the data breach.
A representative with FireEye Inc, which was investigating the attack on behalf of Anthem, declined comment.
© Thomson Reuters 2015
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.