Governance & Risk Management , Incident & Breach Response , Managed Detection & Response (MDR)
$115 Million Settlement in Massive Anthem Breach Case
Lawyers Say Proposed Settlement Would Be Largest Ever for a BreachHealth insurer Anthem has agreed to a proposed $115 million deal to settle a class action lawsuit over a 2015 cyberattack that resulted in a breach affecting nearly 78.9 million individuals.
See Also: Gartner Guide for Digital Forensics and Incident Response
Attorneys representing plaintiffs said in a statement the $115 million deal, if approved by the California federal court handling the consolidated case, would be the largest data breach settlement ever reached.
The proposed settlement provides for Anthem to establish a settlement fund that would be used to:
- Provide victims of the data breach at least two years of credit monitoring;
- Cover out-of-pocket expenses incurred by consumers as a result of the data breach; and
- Provide cash compensation for those consumers who are already enrolled in credit monitoring.
Security Improvements
In addition to the monetary fund, the settlement would require Anthem to guarantee a certain level of funding for information security and to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls.
The settlement is designed to protect class members from future risk, provide compensation and ensure best cybersecurity practices to deter against future data breaches, the attorneys' statement says.
"After two years of intensive litigation and hard work by the parties, we are pleased that consumers who were affected by this data breach will be protected going forward and compensated for past losses," said Eve Cervantez, co-lead counsel representing the plaintiffs in the Anthem litigation.
In February 2015, Anthem announced that it had been the target of a cyberattack in which the personal information of 78.8 million individuals was stolen, including, for many of those individuals: names, dates of birth, Social Security numbers and healthcare identity numbers.
100 Lawsuits Consolidated
Plaintiffs filed more than 100 lawsuits against Anthem across the country. Judge Lucy Koh of the Northern District of California consolidated the cases.
The plaintiffs filed a motion for preliminary approval of the settlement on June 23. Judge Koh is scheduled to hear plaintiffs' motion on Aug. 17. If approval is granted, the class members would be notified about the details of the settlement and invited to participate in and comment on it, the attorneys said.
The law firms representing the plaintiffs have set up a website where individuals affected by the breach can obtain information about the settlement.
In January, seven state insurance commissioners released a report on their investigation into the massive cyberattack against Anthem. The insurance commissioners concluded that the attack began with a phishing campaign launched by an unnamed nation-state.