Anthem ready to pay $115 million to settle data breach lawsuit

Get a copy of the upcoming book "Secure Operations Technology"

US health insurer Anthem has agreed to pay $115 million to settle a class-action suit mounted in the wake of the massive data breach it suffered in late 2014/early 2015.

Anthem data breach settlement

The data breach

The breach was the largest healthcare breach to that date, and resulted in the compromise of information about 78.8 million Anthem customers and customers of other insurers affiliated with Anthem: names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, income data, but no credit card data or medical information.

At the time, Anthem offered two years of credit monitoring services for free to all customers whose data had been compromised.

Proposed Anthem data breach settlement

According to the proposed settlement, which still has to be approved by Judge Lucy Koh of the U.S. District Court, Northern District of California, Anthem will not have to admit any wrongdoing.

The amount that Anthem will have to pay looks huge – in fact, if the settlement is approved, it will be largest data theft settlement to date – but it covers many things, and will not end up all in the hands of the plaintiffs who raised the lawsuit.

For example, attorneys’ fees up to nearly $38 million will be covered, as well as actual costs up to $3 million. Experian will get $17 million to provide two more years of credit and identity monitoring services for the victims.

Those settlement class member who already enrolled in and paid for some form of credit monitoring or protection can claim alternative compensation.

All settlement class member can also request payment of the out-of-pocket costs they actually incurred and that are traceable to the data breach – things like professional fees incurred in connection with identity theft or falsified tax returns, credit freezes, miscellaneous expenses, and time spent remedying issues related to the data breach. The total amount allocated to reimbursing these costs is $15 million.

And, finally, let’s not forget taxes will have to be paid, as well as the administrative expenses.