funsec mailing list archives

"As soon as we heard about the attorneys, we... fixed it"


From: The Security Community <thesecuritycommunity () gmail com>
Date: Fri, 25 Jun 2010 23:31:46 -0400

I love that line!

http://www.esecurityplanet.com/news/article.php/3889951/Anthem-Blue-Cross-Cops-to-Massive-Data-Breach.htm

A sloppy website upgrade is being blamed this week for a data breach
that left the most sensitive personal information of more than 230,000
Anthem Blue Cross members exposed for more than five months.

Anthem officials said its corporate website had been revamped in
October by a third-party vendor that, according to the health insurer,
failed to secure sections of the site to ensure visitors couldn't
access members' medical records and Social Security numbers.

"We were told by a third-party vendor that all security measures were
in place," Cynthia Sanders, an Anthem spokeswoman, said in a
statement.

As it turns out, visitors were able to access the personal information
of the more than 230,000 people who had pending insurance applications
in the Anthem system.

But it wasn't until attorneys filed a class action suit on behalf of
the violated members that Anthem became aware of the data breach. A
subsequent internal investigation revealed that at least one affected
member and his or her attorneys managed to infiltrate the website
repeatedly to access what was supposed to be secured data.

"As soon as we heard about the attorneys, we went in, discovered the
problem and fixed it immediately," Sanders said.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

