They have evidence of an attack going back to Dec 10, a Wednesday.<p>"Anthemfacts.com" was registered on Dec 13th which was, assuming US rather than GMT, the following friday.<p>The proximity and order of those dates cannot be coincidence. It would seem someone at Anthem was confident enough to start prepping the PR campaign almost TWO MONTHS before the public, or the Conn AG, was notified. And during tax season!
So no two-factor authentication was needed to access personal information? And where are the defenses against an insider accessing information they aren't supposed to?
> Anthem hackers had compromised the credentials of five different employees<p>Would be much more news-worthy if it were five <i>the same</i> employees!