by
Thomas Dworetzky, Contributing Reporter | June 28, 2017
Almost two years after a massive cyberattack against Anthem led to the loss of the personal data of 78.8 million individuals, the health insurance company has agreed to settle the litigation against it stemming from the breach for $115 million, according to the Wall Street Journal and other sources.
The money represents the biggest data-breach settlement in history, according to a statement from the court-appointed plaintiff attorneys from Altshuler Berzon, Cohen Milstein, Girard Gibbs and Lieff Cabraser.
“After two years of intensive litigation and hard work by the parties, we are pleased that consumers who were affected by this data breach will be protected going forward and compensated for past losses,” said Eve Cervantez, co-lead counsel representing the plaintiffs in the Anthem litigation.
The agreement awaits a final decision by U.S. District Judge Lucy Koh in San Jose, California, where the case is being litigated,
according to Reuters.
The settlement provides that the money will be used to create a fund that covers “at least two years of credit monitoring,” as well as expenses victims have already had “as a result of the data breach.”
The two years is on top of the two years previously offered by the company, according to Reuters.
In addition, said plaintiffs' attorneys, it will also provide cash compensation to those who already paid for credit monitoring. The amount of money that would be paid for those who already paid for credit monitoring is roughly $50 per person.
The proposed deal also requires “Anthem to guarantee a certain level of funding for information security and to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls.”
“We are very satisfied that the settlement is a great result for those affected and look forward to working through the settlement approval process,” said Andrew Friedman, co-lead plaintiffs’ counsel.
Anthem spokeswoman Jill Becher told Reuter's that the company was “pleased” about resolving the litigation, adding that the firm admitted no wrongdoing, and also that there was no evidence the compromised data had been used “for fraud” or sold.
In late January, 2015, Anthem was hit with a large-scale, sophisticated cyber security attack. Names, dates of birth, Social Security numbers, health care ID numbers, home address, email addresses, employment information and income data were stolen.
