$115 Million Settlement in Massive Anthem Breach Case

APTFilter AVGNews CERT-LatestNews FSecureNews KasperskyNews Malware McAfeeNews Security News SocialEngineering SophosNews SymantecNews ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic TrendMicroNews Uncategorized VulnerabilitiesAdobe VulnerabilitiesAll VulnerabilitiesApple VulnerabilitiesApplications VulnerabilitiesCisco VulnerabilitiesCrypto VulnerabilitiesDBMS VulnerabilitiesFirmware VulnerabilitiesGoogle VulnerabilitiesHardware VulnerabilitiesLinux VulnerabilitiesMicrosoft VulnerabilitiesMozilla VulnerabilitiesNetwork VulnerabilitiesOS VulnerabilitiesVMWare VulnerabilitiesVOIP

Breach Response , Data Breach , Risk Assessments

Largest Data Breach Settlement Ever, Pending Court Approval, Lawyers Say $115 Million Settlement in Massive Anthem Breach Case

Health insurer Anthem has agreed to a proposed $115 million deal to settle a class action lawsuit over the 2015 cyberattack that resulted in breach affecting nearly 78.9 million individuals.

See Also: Moving from Vulnerability Management to Effective Vulnerability Response

Attorneys representing plaintiffs said in a statement the $115 million deal, if approved by the California federal court handling the consolidated case, would be the largest data breach settlement in history.

The proposed settlement provides for Anthem to establish a $115 million settlement fund, which would be used to:

  • Provide victims of the data breach at least two years of credit monitoring;
  • Cover out-of-pocket expenses incurred by consumers as a result of the data breach; and
  • Provide cash compensation for those consumers who are already enrolled in credit monitoring.

Security Improvements

In addition to the monetary fund, the settlement would require Anthem to guarantee a certain level of funding for information security and to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls.

The settlement is designed to protect class members from future risk, provide compensation and ensure best cybersecurity practices to deter against future data breaches, the attorneys statement says.

“After two years of intensive litigation and hard work by the parties, we are pleased that consumers who were affected by this data breach will be protected going forward and compensated for past losses,” said Eve Cervantez, co-lead counsel representing the plaintiffs in the Anthem litigation.

In February 2015, Anthem announced that it had been the target of a cyberattack, in which the personal information of 78.8 million individuals was stolen, including, for many of those individuals: names, dates of birth, Social Security numbers and healthcare identity numbers.

100 Lawsuits Consolidated

Plaintiffs filed more than 100 lawsuits against Anthem across the country. Judge Lucy Koh of the Northern District of California consolidated the cases.

The plaintiffs filed a motion for preliminary approval of the settlement on June 23. Judge Koh is scheduled to hear plaintiffs’ motion on Aug. 17. If granted, the class members would be notified about the details of the settlement and invited to participate in and comment on the settlement, the attorneys said.

The law firms representing the plaintiffs have set up a website portal for individuals affected by the breach to obtain information about the settlement.

In January, seven state insurance commissioners released a report on their investigation into the massive cyberattack against Anthem. The insurance commissioners concluded that the attack began with a phishing campaign launched by an unnamed nation-state.

This story is developing. Look for updates.