Anthem Inc. proposed a $115 million settlement in 2017 to resolve the class action lawsuits filed by the victims of its 78.8 million-record data breach in 2015. The proposal was finally approved on August 16, 2018.
The Anthem cyberattack resulted in the theft of plan members’ names, dates of birth, healthcare insurance data, Social Security numbers and other data. Several class-action lawsuits were filed in the months after the announcement of the breach, and due to the similarity of the lawsuits they were consolidated by the Judicial Panel for Multidistrict Litigation into a single lawsuit in June 2015. The case was allocated to the U.S District Court for the Northern District of California.
Anthem did take steps to reduce the potential for financial harm and offered breach victims 24 months of credit monitoring services free of charge, but many breach victims personally paid for credit monitoring and identity theft protection services and incurred other expenses as a result of the breach. The settlement will ensure that those out-of-pocket expenses are reimbursed.
In her opinion, U.S. District Judge Lucy H. Koh said the settlement amount was ““fair, reasonable, and adequate.” In addition to covering the out-of-pocket expenses, class members have also been offered a further 24 months of credit monitoring services without charge and gives class members “timely, certain, and meaningful recovery.” Had the settlement been rejected it would have delayed reimbursement of out-of-pocket expenses, and there was no guarantee that continued legal action would have resulted in a settlement had the case gone before a jury. There were several objections to the settlement, although Judge Koh determined that none were valid.
Class members who have yet to pay for additional credit monitoring services will be able to register for them by submitting a simple form. Class members who have already paid for those services will be eligible to receive a cash payment, provided they submit details of the company and credit monitoring services they have purchased. The cash alternative will be a maximum of $50 per class member. Judge Koh believed the fund to cover the cash payments is adequate.
The settlement also includes a fund of $15 million for individuals who have had to cover additional expenses as a result of the breach. Only 1.33 million breach victims have submitted a claim. For those individuals, the maximum payment to reimburse costs is $10,000. Proof of expenses will be required.
Anthem has also agreed to implement additional security controls to make sure sensitive information is better safeguarded. Those measures include the use of encryption and improvements to its data security processes.