Chris Lau - Seeking Alpha

Friday, February 06, 2015

How to Protect Social Security numbers from a Data Breach

  • Anthem (NYSE:ANTM) stored the social security numbers of 80M customers without encrypting them to make it easier for employees to track health care trends and share data with states and health providers, WSJ reports.
Solution:

Any sensitive database should have the social security number protected through encryption and better yet, held separately from the primary database through foreign keys. Most databases support mechanisms to protect this sensitive information (even from Sysadmin accounts), particularly if data requests are made from off premise networks. This shows complete disregard for the sensitive information of their customers - plain and simple. With this type information, it will be very hard for a customer to be alerted if their info is being used (eg payment fraud, etc). One year of protection is certainly not enough, IMHO.