Anthem Prepared to Settle Data Breach Lawsuit for Record $115 Million
Anthem has reached a settlement to resolve the multidistrict class action litigation relating to a 2015 cyber attack against the company that exposed the personal information of more than 78 million people. This could be the largest data breach settlement in history if approved by the U.S. District Court for the Northern District of California, San Jose Division, which is scheduled to hear a motion for preliminary approval of the settlement on August 17, 2017.
The settlement does not include any finding of wrongdoing, and Anthem has not admitted to any wrongdoing or that any individuals were harmed as a result of the cyber attack. Regardless, the company has agreed to pay a total of $115 million to resolve the litigation. The settlement will benefit class members in a number of ways. When Anthem discovered the cyber attack in 2015, the company offered two years of credit monitoring and identity protection services to all individuals whose data may have been impacted. As part of the settlement, $17 million of the funds will be allocated to pay for an additional two years of credit monitoring and identity protection services. Anthem has also agreed that $15 million of the funds will be allocated to pay actual out-of-pocket costs, up to a set amount, that class members claim they incurred due to the cyber attack.
Class members who already have credit services can submit a claim to receive alternative cash compensation instead of receiving the credit services provided by the settlement. The aggregate sum of alternative compensation has been capped at $13 million of the funds with an individual cap of no more than $50 per person.
Finally, Anthem has agreed to implement additional protections over the next three years. These changes include implementing data retention periods, strict access requirements, and mandatory information security training for all associates and annual IT security risk assessments. The settlement further requires Anthem to allocate a certain amount of funds for information security and increase its funding for every additional 5,000 users if Anthem increases its users by more than 10 percent, whether by acquisition or growth.