SUNDAY, FEBRUARY 15, 2015
Anthem slapped with lawsuits, probe following data breach
The Anthem Inc. data breach is shaping up to be a watermark case for insurance agents and brokers hoping to demonstrate the hidden costs of cyber crime.
Just a few days after the health insurer announced the breach, potential class-action lawsuits were filed in Alabama and California alleging Anthem did not adequately protect the data that was exposed in the hack.
Specifically, the two Anthem customers say the insurer did not appropriately encrypt customer data, such as social security numbers, addresses and phone numbers, and in so doing, accepted money from policyholders who believed Anthem would take “sufficient measures” to protect personal information.
“It appears that Anthem’s security system did not involve encrypting Social Security numbers and birth dates—two of the most valuable pieces of information a thief can have,” said a complaint filed on behalf of California plaintiff Susan Morris.
The two lawsuits could eventually be merged and attract other complaints for a widespread class-action lawsuit, a Fortune.com report said.
The cyber-attack, which is believed to have exposed the personal data of more than 80 million customers, is now being probed by several US states for possible ties to China. California’s Department of Insurance is also reviewing Anthem’s response to the data breach.
The Wall Street Journal reported that some of the tools and techniques used to hack Anthem were similar to those used in cases with links to China. The FBI, which is investigating the breach, refused to comment, however.
“As far as China being involved, I don’t know,” spokesman Paul Bresson said. “I don’t think we know yet.”