[ipsin]

That's really my problem -- that they're leaving their victims to speculate.

It's great that they "made every effort to close the security vulnerability". How's that going?

They hired Mandiant to "evaluate our systems and identify solutions based on the evolving landscape." Is "evolving landscape" CEO-speak for "Oh, god, we're still leaking customer data like a sieve, make it stop!"?

I'm just going to keep speculating, because if Anthem's not going to bother speaking plainly, I'm just going to assume the worst.

[jimkri]

>It's great that they "made every effort to close the security vulnerability".

I love that quote, they try to cover their asses by saying we closed the vulnerability. My question is why did you wait till it was taken advantage of?

[goykasi]

Even better is that they didn't explicit state that they did close the vulnerability -- simply that they put forth every effort to do so.

[cmcpgh]

If we combine the Check Point firewall job posted on the Anthem Inc's website on 1/30/2015, add in the "discovery" on 1/29/2015, and think about Check Point's vulnerability to Heartbleed and Shellshock last year, one might also guess that a VPN stolen-credential compromise (like the major CHS breach last year) or a generic firewall compromise (via shellshock) are in the running as possibilities.