Anthem Reaches Settlement Over Data Breach Lawsuits

Anthem, which some estimate to be the largest health insurer in the country, has agreed to settle litigation over hacking in 2015 that compromised about 79 million people's personal information. The settlement amount is reported to be for $115 million, making the deal the largest settlement ever for a data breach. The settlement must still be approved by U.S. District Judge Lucy Koh in San Jose, California, who is presiding over the case. Over one-hundred lawsuits filed against Anthem were consolidated in Judge Koh’s court.

The money will go to pay for two years of credit monitoring for people affected by the data breach. Victims are believed to include current and former customers of Anthem and of other insurers affiliated with Anthem through the national Blue Cross Blue Shield Association.

The credit monitoring in the settlement is in addition to the two years of credit monitoring Anthem offered victims when it announced the breach in February 2015. In February 2015 an unknown hacker had accessed a database containing personal information, including names, dates of birth, social security numbers, home addresses, email addresses, and employment and income information. The attack supposedly did not compromise credit card information or medical information.

The breach is just one of a series of high-profile data breaches over the last several years. Other large corporations that were hacked include Target, which agreed to pay $18.5 million to settle claims, and Home Depot which agreed to pay at least $19.5 million to consumers last year.

Anthem Sees First Lawsuits Over Data Breach

Another major data breach in our country has occurred, and unfortunately will not be the last. Anthem, one of the nation’s largest health insurance companies, first announced the hack on February 4^th, although it was detected on January 27^th. The unauthorized data quarries started as early as December 10^th of last year and is believed to have occurred through the discovery date. Anthem is based out of Indianapolis, Indiana.

The first lawsuits in the Anthem hack have been filed in Indiana, California, Alabama and Georgia. The suits allege that Anthem did not take adequate and reasonable measures to ensure its data systems were protected. It is estimated that 80 million Anthem customers whose information may have been affected could be harmed.

Hackers gained access to a company database that included members' names, birthdays, Social Security numbers, addresses and employment data, including income. Unlike some of the other data breaches covered in this blog such as the Target and Mapco breaches, credit card information was not among the data stolen.

How the hackers got the information is different as well. The hackers appear to have compromised the credentials of five different tech workers at Anthem, possibly through "phishing" e-mails that trick users into unwittingly revealing passwords or downloading malicious software. The malware used to break into Anthem's network has not shown up on other computer networks and does not appear to have been used in recent attack attempts on other companies.

One of the main questions for consumers is why Anthem would have maintained a single database containing information about 80 million current and former members. HIPPA violations could be a concern for Anthem due to the breach as well.