The settlement is the largest on record for a data breach class action lawsuit. Under the terms of the deal, the funds will be used to provide credit protection and reimbursement for damages. Specifically, the settlement fund will provide two years of credit monitoring, pay for customers' out-of-pocket expenses stemming from the data breach, and provide cash compensation to customers who’ve already purchased their own credit monitoring, according to the Associated Press (AP).
If approved, Anthem must also guarantee a certain amount of funding for information security and to make certain changes to its data security systems.
The health insurance company announced in February 2015 that it had been victim of a cyber attack, potentially exposing personal information of up to 80 million people. According to a statement from Anthem, customer names, birthdays, Social Security numbers, street addresses and employment information were accessed by the hackers. When Anthem announced the breach, however, it noted that financial information did not appear to have been accessed.
According to the lawsuit, Anthem, more than two dozen Anthem affiliates and 14 “non-Anthem” Blue Cross entities violated state and federal consumer protection laws by failing to protect the personal data that was stolen in a 2015 hack.
The case is In re Anthem Inc. Data Breach Litigation, case number 5:15-md-02617, in the U.S. District Court for the Northern District of California.