Brian Krebs, the author of the must-read Krebs on Security Blog, has reported new information about the Anthem breach. Krebs reports two new facts:
- The breach actually started in April 2014, not December 10, 2014, as previously reported. Thus, the January 27, 2015, discovery represented a breach of many months instead of a few weeks.
- The method of intrusion was spearphishing.
This diagram from Crowdstrike is reproduced on Krebs on Security:
Learn more at our new blog.