Cyber Incident Victim: Anthem
Date: Feb 2015
Location: United States of America
Summary
A major US health insurer experienced a significant cyberattack resulting in the theft of personal data belonging to 78 million individuals, including names, birth dates, Social Security numbers, addresses, and employment details. The US Department of Justice attributed the breach to two Chinese nationals operating as part of a sophisticated hacking group based in China, indicting them for this intrusion and attacks against three other corporations across different sectors. While the indictment described the group's advanced techniques and the unprecedented scale of the data compromise, it did not specify the attackers' motivations or establish any formal connection to Chinese government entities, leaving their affiliations and objectives officially uncharacterized despite broader historical context of state-sponsored cyber espionage involving China.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In February 2015, health insurance provider Anthem Inc. disclosed a cyberattack compromising the personal data of approximately 78 million customers. The breach exposed names, birth dates, physical and email addresses, Social Security numbers, and employment information. Attackers employed sophisticated techniques to infiltrate Anthem's networks, though specific technical details of the intrusion vector were not publicly disclosed in the indictment. The scale of the breach ranked it among the largest healthcare data thefts in history at the time. In 2019, the U.S. Department of Justice unsealed an indictment charging two Chinese nationals—32-year-old Fujie Wang and an unnamed co-conspirator—with executing the attack. The indictment identified the defendants as members of a China-based hacking group responsible for breaching three additional U.S. corporations: a basic materials company, a communications firm, and a technology company. Federal investigators characterized the group's methods as exceptionally advanced but did not specify the duration of unauthorized access or precise data exfiltration timelines. Anthem publicly confirmed the breach after detecting it internally, though the exact timeline between initial compromise and discovery remains undisclosed. No evidence suggested the theft included medical records or financial information like credit card numbers. The company offered affected customers two years of credit monitoring and identity protection services following the disclosure.

The Department of Justice indictment notably omitted any attribution of motives or organizational affiliations for the attackers, despite historical context linking similar breaches to Chinese state-sponsored espionage campaigns. This absence contrasted with other contemporaneous DOJ cyber indictments that explicitly alleged ties to Chinese government entities. Assistant Attorney General Brian Benczkowski described the incident as "one of the worst data breaches in history" but provided no rationale for the theft of personally identifiable information. Industry analysts observed that the indictment's ambiguity could reflect evidentiary limitations in proving state sponsorship, operational security measures by the hackers, or diplomatic considerations regarding U.S.-China relations. The breach occurred during a period of heightened tensions following the 2015 U.S.-China cyber espionage moratorium agreement, which had temporarily reduced publicly attributed state-sponsored hacking incidents. Cybersecurity experts noted persistent challenges in distinguishing between state-affiliated and criminal threat actors operating from China, citing blurred organizational boundaries and overlapping methodologies. The FBI released photographs of Fujie Wang but did not disclose whether Chinese authorities cooperated in the investigation. No public reports indicated financial fraud or identity theft directly linked to the stolen Anthem data in subsequent years.
