Anthem Data Breach Settlement Approved by Federal Judge
A federal judge has approved a $115 million settlement for a February 2015 Anthem Inc. data breach that exposed millions of consumers’ personal data. The approval officially marks one of the largest settlements for this type of case. Anthem, formerly WellPoint, reached the settlement on June 23 without admitting any wrongdoing.
“The Court finds that the Settlement is fair, adequate, and reasonable,” wrote Judge Lucy Koh of the U.S. District Court for the Northern District of California, appointed by former President Barack Obama, in her August 15 opinion.
“After two years of intensive litigation and hard work by the parties, we are pleased that consumers who were affected by this data breach will be protected going forward and compensated for past losses,” said Eve Cervantez, co-lead counsel representing the plaintiffs in the litigation.
The affected more than 78 million people when it exposed their names, social security numbers, dates of birth, health care ID numbers, and other data. The class group showed that their personal information was stored in the data warehouse accessed by hackers. The breach also affected many of the insurance organization’s affiliated brands, including Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.
Most of the settlement funds will be used to offer two years of credit monitoring and fraud resolution services for victims. An estimated 13 percent of the payout has been reserved for cash reimbursements for any victims who paid out of pocket for security monitoring services.
In total, it includes $15 million for the class group to claim up to $10,000 each for their out-of-pocket expenses in handling potential identify theft issues and ensuring their data is secured once again. Anthem has also agreed to make changes to its data security procedures, including adopting encryption protocols for sensitive data. “The credit monitoring services offered in this settlement are more extensive than the services offered by Equifax,” said the federal judge.
There have been other notable class actions suits in recent history. A lawsuit was filed against Home Depot in 2014, which resulted in a $27.2 million settlement that covered 52 million consumers. The breach of the popular home improvement store’s systems exposed 56 million payment cards as well as personal details for up to 53 million shoppers.
Target was also hit with a systems security breach in 2013 that led to the exposure of 40 million payment cards and contact details for 60 million consumers. The retailer came to a $23 million settlement with a class of 110 million consumers. Target also was also ordered by a federal judge to pay a fine of $18.5 million following legal action by the attorneys general of 47 states and the District of Columbia.
Breach costs are extensive, and can also include incident response, mitigation, long-term investigations, and cleanup. In 2017, Equifax reported that it faced dishing out $439 million due to its data breach, of which $125 million would be covered by its cybersecurity insurance policy. Restoration involves a lengthy process of resecuring information, and often, new systems are rolled out to help ensure the costly problem doesn’t happen again.