You seem to be implying that the domain was registered in response to the breach.
Could it be that the anthemfacts.com domain was intended for a different use, or to prevent someone else from registering it, and was re-purposed after the intrusion to present Anthem's case? I don't know much about SEO, but quarantining negative information on a separate, immediately available domain might be the motivation here.
Perhaps? In August 2014, they registered stanfordanthemfacts.com on which they've posted the November 11. 2014 announcement that they have continued their contract with Stanford Health Care: http://stanfordanthemfacts.com/
Maybe after the Stanford (and other such announcements), they had decided in mid-December to snag anthemfacts.com and then, after learning of the breach, decided to put it into action for this monumental event. However, what are the chances that it took one week for a health insurer, upon discovering the breach, to launch its PR campaign, nevermind fully understand the nature of the breach to be able to publicly announce it. Given the delicate nature of the situation, as well as its historic size, this is not something that a health insurer would want to prematurely make an announcement on without being very sure that the damage is contained. And they contained it within a week? I realize that I'm slightly begging the question here, but yes, part of my skepticism comes from how quickly they were able to move...One week would make it one of the fastest discoveries-to-announcements, which given the scope of the breach, is pretty amazing.
Edit: It's worth pointing out though that there would be records of them contacting the FBI and Mandiant, and I would give them the benefit of the doubt that they would make such contacts upon discovery of the breach...so if the FBI confirms that the contact happened a week ago, I would take Anthem at their word.
A domain name that is being used exclusively to address to data breach, and was registered within the past 2 months. And it's just a coincidence?
Seems very unlikely.
And I'm sure they're quarantining negative info on an unrelated domain, but why would they even need to consider repurposing an existing domain name, instead of buying one? We're not talking about somebody doing a side project and hoping to save a few bucks by repurposing another domain name. And it takes all of a few hours to buy a domain name and have it propogate.
"A domain name that is being used exclusively to address to data breach..."
My point is that while it is used for that purpose now, that doesn't mean that it was registered for that purpose back in mid-December. Your theory about the breach occurring earlier and being concealed until now is certainly possible, but the domain registration date on its own is not supporting evidence.
What's unlikely about it? Maybe if the domain name was "anthemdatabreachinfo.com" or something more specific, but "anthemfacts.com"? Many companies register lots of variation of domain names that they aren't using. I don't think it's unlikely at all that this came up, and there was a meeting where they said "OK, do we have any existing domain names we can use for this?"
So what have they been using the domain for in the few weeks since registration? The domain doesn't appear in web.archive.org until today, and searching Google for the domain between December and the end of January shows nothing.
The website itself says "we have created a dedicated website ... anthemfacts.com" for this incident.
[Edit: replaced two egregious uses of "website" with "domain"]
Could it be that the anthemfacts.com domain was intended for a different use, or to prevent someone else from registering it, and was re-purposed after the intrusion to present Anthem's case? I don't know much about SEO, but quarantining negative information on a separate, immediately available domain might be the motivation here.