June 26, 2017
Anthem has agreed to pay $115mn to settle a class action lawsuit over a data breach in 2015 that compromised the personal data of nearly 80 million individuals.
If approved by the court, it would be the largest data breach settlement in history, according to the plaintiffs' lawyers.
The proposed $115mn settlement fund would be used to pay for two years of credit monitoring for those affected by the cyber-attack and cover their out-of-pocket expenses incurred as result of the breach.
The US health insurer will also have to provide compensation to customers already enrolled in credit monitoring services.
Additionally, as part of the settlement, Anthem will be required guarantee a certain level of funding to bolster its cybersecurity over the next three years.
In a statement confirming the settlement, Anthem said that it is not admitting any wrongdoing or that any individuals were harmed as a result of the cyber-attack.
More than 100 lawsuits filed against Anthem over the breach were consolidated into one class action suit.
The 2015 cyber-attack saw hackers steal the names, dates of birth, social security numbers and healthcare ID numbers of 78.8 million people.
At the time of the breach, The Insurance Insider reported that Anthem had in place a $100mn AIG-led cyber programme and that AIG's excess and surplus lines arm Lexington had 100 percent of a $10mn primary layer in excess of a $5mn self-insured retention.