Archive for the ‘anthem blue cross’ tag
Anthem Blue Cross of California voice response system information leak?
I suspect there is an information privacy security hole in the voice response system for customer support at Anthem Blue Cross of California. I alerted them to my suspicion some months ago, and nobody followed up with me to reassure me that there is not a privacy leak.
As of today, April 1, 2011, the system still operates in the same way that provoked my suspicion. This post is not an April Fools joke… I am serious.
I need your help to verify if my suspicion is correct, and if you’re a health insurance customer of Anthem, you can provide this help to me in about 2 minutes.
Here’s the suspected Anthem Blue Cross of California privacy breach:
When one calls the US phone number (800) 333-0912, which is the ‘customer service’ number printed on my insurance card, a voice response system asks me to enter my social security number. After I do this, the system asks me my birthday, and then it gives instructions on how to enter this information on the telephone keypad. This would be fine except that the voice response system uses an example date that contains the exact year in which I was born.
Perhaps this is pure coincidence, but I doubt it, thus this post.
What I suspect is happening in their software that drives the voice response system is that it looks up the social security number and pulls the year of birth associated with that number and uses that year to compose the example language.
Why is this a potential problem?
It allows anyone with the social security number of an Anthem Blue Cross of California customer to quickly find out approximately how old that person is.
Since Anthem Blue Cross of California has millions of customers, this exposes a lot of ages.
How can you help me verify my suspicion?
If you’re a customer, call (800) 333-0912 or the number on your insurance card and key in your social security number, and listen to hear if the voice response system says the year of your birth. If it does, and the year is not my birth year, then there may be a widespread information leak.
Please take 2 minutes to help me out. You may leave a comment to tell me the results.
Thanks.