On Friday, June 23, Anthem Inc. announced it had agreed to a settlement over its 2015 data breach, which is estimated to have affected nearly 80 million of its customers. The deal is valued at $115 million, and is billed as the largest-ever data breach settlement, according to Law360. Settlement funds will compensate Anthem customers for out-of-pocket expenses as a result of the breach, and will provide credit-monitoring services for victims, or reimburse them for services they already purchased.
Anthem is the second-largest health insurance company in the U.S. The cyberattack compromised customer names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses and employment records. Employee records also were compromised.
Anthem brands affected by the data breach included Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare.
In addition to providing compensation for data breach victims, the settlement will designate funds to analyze and update its data security systems to ensure a similar breach is unlikely to happen again.
The case is In re Anthem Inc. Data Breach Litigation, case number 5:15-md-02617, in the U.S. District Court for the Northern District of California.