Hackers have stolen personal information relating to current and former customers and staff of number two US health insurer Anthem, after breaching an IT system containing data on up to 80 million people, the company said late on Wednesday (4 February).
Anthem, which has nearly 40 million customers in the United States, said it had reported the attack to the FBI, and cyber-security firm FireEye said it had been hired to help Anthem investigate the attack.
Anthem said in a statement that names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data, had been accessed in what it described as a "very sophisticated attack".
Cyber-security has become a major concern both for US firms facing a barrage of attacks as well as insurers trying to figure out how much of that risk they can afford to underwrite.
A high-profile attack against Sony Pictures Entertainment late last year brought the company headlines for everything from pay disparities among its employees to internal critiques about the studio's own movies.
President Barack Obama's recently proposed fiscal 2016 budget sets aside $14bn to strengthen US cyber-security defences, an increase of 10%.
On Thursday (5 February), during a US Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security in Washington, DC, U.S. Senator Jerry Moran (R-Kansas) said, "These high-profile breaches are the most severe of what have become common occurrences in our digital society."
Anthem said it would send a letter and email to everyone whose information was stored in the hacked database.