Skip to main content
Skip to main content

Communications to Campus

Communications to Campus

Date Info
February 22, 2015

WKU notification email to employees from Gordon Johnson, Chief Information Technology Officer:

Dear WKU Employees and Retirees:

We want to keep Anthem updated on any identity fraud related issues that our members and former members are experiencing. Please send an email to if you have had a confirmed recent issue with identity related fraud of any sort or you have an issue in the future. By confirmed, I mean you have some verification that fraud has taken place using your personally identifiable information within the last several months -- (like the IRS notified you of a Fraudulent Return filed in your name). Please include a brief description of your incident.

Please do not send emails to the address to vent. If you have some commentary or thoughts on the situation, you can send that directly to me.

Note – If you have already sent an email to myself or HR on this issue, you DO NOT need to do it again. We already have you on the list.

Also, a number of you have asked me if I know how one can query the IRS and see if one’s tax return has been filed fraudulently. Myself and HR have researched this some, and the information we are getting says you have to file your return before the IRS will notify you of fraudulent activity. We know of no way to query the IRS ahead of time and find this out. If anyone, knows different, you can email me and I will confirm any suggestions and email this group as part of my ongoing updates. See my email from 2/19/2015 for information on IRS procedures if you have tax fraud or identity theft issues.

February 19, 2015

WKU notification email to employees from Gordon Johnson, Chief Information Technology Officer:

Dear WKU Employees:

We continue to have several employees reporting to us that their tax returns have been filed fraudulently. HR has been passing along this information along to Anthem and in some instances Anthem has contacted affected individuals. Anthem continues to state that they do not have any indication that the information breached from their systems has been used for fraudulent activity and that is probably true to a point because it is very hard if not impossible to correlate a particular breach event with specific fraudulent activity. However, other sources, mostly in the media and internet blog sphere, have recommended that potential victims of the Anthem breach file their tax returns as soon as possible just to be pro-active and beat the hackers to it. That’s just an FYI, not a recommendation from me.

Regarding this issue, I have two pieces of information to pass along:

  1. There is an IRS.GOV website that has information on what to do if you believe you are (or could be) the victim of identity theft.,-Victims-about-Identity-Theft-and-Tax-Returns

    Pay particular attention the instructions on filing Form 14039 and the Section A, option 2 section. This form can be faxed to the IRS.
  2. Anthem had a Town Hall Webcast on Tuesday where they discussed the Data Breach and answered user submitted questions. In that webcast, the owner of AllClearID, which is the firm handling Identity Theft protection services for Anthem, said that customers who believe they have been the victim of Tax Fraud can contact his firm and utilize the “Identity Protection Services” which are provided to all affected customers of Anthem. All the instructions for utilizing these services are on the site and the site.

February 15, 2015

WKU notification email to employees from Gordon Johnson, Chief Information Technology Officer:

Dear WKU Employees --

Here are some updates on the Anthem Data Breach:

Anthem has updated their website to now include instructions on how to sign up and enroll in Identity Repair and Credit Monitoring Services for affected members. Just so I would know how it worked, I followed the instructions and I was able to enroll in the services. I had several other employees try it as well and they were able to do it. In our previous communications with Anthem, they had stated they would inform "affected" members by US postal mail letter and provide instructions for enrolling in credit protection services via this letter. Apparently, they are still going to send letters to affected members, but they have now decided to make this information available earlier on their website. My interpretation of Anthem's information on their website now is that they consider anyone who has had Anthem at anytime since 2004 as an "affected" member and eligible for the protection services.

So, if interested, go to for the latest information and instructions. Again, neither myself nor WKU has control over the processes or services offered on the Anthem website. Just trying to keep everyone informed.

Another bit of information I will pass along is that four WKU employees have reported to us that they have had their Tax Return fraudulently submitted recently. This may or may not be related to the Anthem Data Breach. This type of tax return fraud happens every year and has been on the increase in recent years as it has become easier to file online with services such as Turbo Tax. But I pass it along, not to alarm folks, but just as FYI. Anyone concerned about this needs to contact the IRS and if you think you are victim of Tax Return fraud you need to contact law enforcement and the IRS.

February 11, 2015

WKU notification email to employees from Gordon Johnson, Chief Information Technology Officer:

Dear WKU Employees:

As mentioned in an earlier email, we have set up a website with information on the Anthem Security Breach. We will update this website as new information becomes available. You can access the website by going to HR’s website ( ) and then clicking on “Anthem Security Breach” in the upper left navigation area.

*** If you have any concern about the authenticity of this email, please contact the WKU IT Help Desk at 270-745-7000. ***

February 10, 2015

Update from Anthem on cyber attack impacting Anthem, Inc.
Updated FAQs related to data breach.

February 6, 2015

Anthem press release alerting consumers to protect themselves from /hr/anthem/anthem-scam-awareness.pdf campaigns. Example of Phishing Scam.

WKU email notification updating WKU employees on the Anthem data breach.

Dear WKU Employees:

*** If you have any concern about the authenticity of this email, please call the WKU IT Help Desk at 270-745-7000.***
This is a follow up to yesterday’s message concerning the Anthem security breach. Just to summarize, WKU received official notice on February 5, 2015, that Anthem, Inc., was the victim of a highly-sophisticated cyber-attack. This information was relevant to WKU since Anthem is the third-party- administrator of WKU’s Employee Health Plan. At this time, we do not know for certain if any WKU employee data is included in the security breach.


Today we have been made aware that some Anthem members/participants are being sent scam (fake) emails that appear as if they have been sent from Anthem or someone representing Anthem. These scam emails look legitimate and may even include the Anthem logo. They instruct the recipient to click a link to enroll in free credit monitoring service or identity theft services. Therefore, please be advised – DO NOT click on any links in emails sent to you unsolicited regarding this incident. Anthem will be sending instructions regarding credit monitoring services to affected members by written notice (mail). Any correspondence you receive written or via email or phone, should provide a way for you confirm its authenticity. If you have any questions regarding the legitimacy of email sent to your WKU email address, you can call the IT Help Desk at 270-745-7000 for confirmation.

We have been advised that Anthem is currently conducting an extensive Information Technology forensic investigation to determine the specific participants impacted by the security breach. Once this is determined, Anthem will notify affected individuals through written communication (mail). This notice will include information about action steps which have been or may be taken to reduce the risk of any further vulnerability. Attached is press release from Anthem that we just received.

WKU is establishing a web page to keep you updated on this matter and including resources that you may wish to engage if you are interested in steps you can take more immediately as opposed to waiting for Anthem to complete their investigation and notification process. We will let you know when our web page is available.

We will provide additional information as determined to be in the best interest of WKU employees.

February 5, 2015

WKU notification email to employees from Gordon Johnson, Chief Information Technology Officer:

Dear WKU Employees:

Earlier today, WKU received official notice that Anthem, Inc. was the victim of a highly-sophisticated cyber-attack. A number of you have already received an email directly from Anthem notifying you of this incident. Anthem has functioned as the third-party-administrator of WKU’s self-insured Employee Health Plan since January 1, 2003. Anthem has informed us that its member/participant data was accessed, and could include that of WKU employees. WKU IT and HR are working closely with Anthem to better understand the impact on members/participants. Provided below is what has been provided to us by Anthem:

  • Once Anthem determined it was the victim of a sophisticated cyber-attack, it immediately notified federal law enforcement officials and shared the indicators of compromise with the HITRUST C3 (Cyber Threat Intelligence and Incident Coordination Center).
  • Anthem’s Information Security has worked to eliminate any further vulnerability and continues to secure all of its data.
  • Anthem immediately began a forensic IT investigation to determine the number of impacted consumers and to identify the type of information accessed. The investigation is still taking place.
  • The information accessed includes member names, member health ID numbers/Social Security numbers, dates of birth, addresses, telephone numbers, email addresses and employment information, including income data. Social Security numbers were included in only a subset of the universe of consumers that were impacted.
  • Anthem is still working to determine which members’ Social Security numbers were accessed.
  • Anthem’s investigation to date shows that no credit card or confidential health information was accessed.
  • There is no indication at this time that any personal information has been misused.
  • All impacted Anthem members will be enrolled in identity repair services. In addition, impacted members will be provided information on how to enroll in free credit monitoring.

I want to make clear that this Anthem data breach incident affected Anthem maintained systems and data. No WKU maintained systems (such as Banner HR) were involved in this incident directly.

We are working closely with Anthem to better understand the cyber-attack and the impact on WKU current and former employees. Anthem has created a website –, and a hotline, 1-877-263-7995, for its members to call for more information on the cyber-attack.

We will continue to update you as appropriate based on any new information.

Feburary 4, 2015

Initial Notification from Anthem of cyber attack impacting Anthem, Inc.

Note: documents in Portable Document Format (PDF) require Adobe Acrobat Reader 5.0 or higher to view,
download Adobe Acrobat Reader.

Note: documents in Excel format (XLS) require Microsoft Viewer,
download excel.

Note: documents in Word format (DOC) require Microsoft Viewer,
download word.

Note: documents in Powerpoint format (PPT) require Microsoft Viewer,
download powerpoint.

Note: documents in Quicktime Movie format [MOV] require Apple Quicktime,
download quicktime.

 Last Modified 3/1/15