Things You Need To Know About The Anthem Data Breach Settlement
Background About the Lawsuit
Around July 2015, Anthem Blue Cross Blue Shield Inc. was hit with a class-action lawsuit because of a data breach that the company allegedly failed to properly protect itself from, according to allegations.
Kathryn Leniski sued Anthem Inc. in California, and she said federal agencies informed the company to make sure their customer data and other high-value information are properly protected. Leniski relates Anthem did nothing despite the warnings.
If sold to the black market, a single medical record can sell up to $250, credit card info with their social security number can go for cents on the dollar.
For the past five years, over 29 million people have gone through 740 health care data breaches, according to statistics from the U.S. Department of Health and Human Services.
Further allegations relating to the plaintiff’s personal data stolen from the company through the data breach were used to complete a 2014 tax return under her name and to collect a refund check.
But despite what happened, Anthem took so much time to inform her of the problem.
Anthem should have been aware of the security risk as a data breach happened earlier with WellPoint, another health care company. WellPoint had to pay the Department of Health and Human Services $1.7 million in penalties as they failed to protect their customer’s information.
The lawsuit also listed the costs the plaintiff has to face just to get her identity back and to guard herself against cyber theft. But as her personally identifiable information is in someone else’s hands, it poses a significant risk for her, as people may use it for fraud throughout the rest of her life.
As Anthem Inc. is a healthcare company, they will need to handle highly confidential information of current and old customers along with employee details. According to the lawsuit, they are mandated to protect them from unwanted disclosure and theft.
The plaintiff also claimed that since the data breach involved SSN and birth dates, skilled people can use them to open credit.
Anthem admitted that they did not encrypt the information while it was saved after the data breach happened.
Details About the Anthem Data Breach MDL Settlement
Anthem and other health benefits companies have agreed to shell out $115 million to resolve a lawsuit that started from a data breach announced in February 2015.
The companies did not admit that they’ve done anything wrong, but settling the lawsuit was the best option to avoid the burden and additional costs of ongoing litigation.
Along with the class action settlement, Anthem has also agreed to do a revamp of its business practices to upgrade the security of the customer’s personal details that were in its databases.
The $115 million settlement will be used to pay for out-of-pocket losses that the class members went through, along with the credit monitoring services to protect them from further damages.
The class members might get up to $10,000 for out-of-pocket expenses or up to $36 for the class members who have had credit monitoring services they want to keep for a year.
They can also receive the following benefits:
- Free credit monitoring services
- Free fraud resolution
- Up to $10,000 reimbursement for out-of-pocket costs
What will be considered for reimbursement involves the following out-of-pocket losses incurred after January 2015:
- Fees paid for credit monitoring services
- Losses, fees, or charges that were incurred and unreimbursed even though they resulted from identity theft or fraud because of the misuse of a customer’s personal details
- Professional charges and fees incurred while trying to resolve identity theft or fraud
- Fees associated with credit freezes
- Notary, fax, postage, copying, mileage, and long-distance costs upon proving these resulted from the data breach
- Reimbursing time spent resolving problems that the data breach incurred, computed at a rate of $15 an hour up to 10 hours. It also includes time off work at the documented hourly wage, whichever may be greater.
Some Frequently Asked Questions
Why did Anthem Inc. settle?
Anthem Inc, along with the other defendants in the case, settled the litigation after extensive negotiations about the problems presented in the lawsuit and agreed to resolve the case as it will benefit the individuals whose information may have been involved in the breach and are now class members of the class action settlement.
Who can people contact if they have more questions about the class action settlement?
They can visit databreach-settlement.com to see information about the settlement, or call 855-636-6136 or send a letter to: In re Anthem, Inc. Data Breach Litigation Settlement Administrator, P.O. Box 404012, Louisville, KY 40233-9821.
Who will provide the credit services that are offered as a part of the Anthem data breach settlement?
Experian will provide the credit monitoring and identity protection services under the settlement agreement, but all the credit monitoring bureaus will be available for individuals who enroll.
When and how can people enroll?
There are enrollment details in the notices that were sent by the Anthem data breach settlement administrator, or you can go to databreach-settlement.com for more details. People can also call 855-636-6136 or write to this address: In re Anthem, Inc. Data Breach Litigation Settlement Administrator, P.O. Box 404012, Louisville, KY 40233-9821.
Anthem Data Breach Class Action Timeline
4th of February 2015
Anthem Inc. reported that hackers got into their services and possibly got into their servers and stole 37.5 million records that had personally identifiable information.
24th of February 2015
From 37.5 million, the number increased to 78.8 million people whose personal details were involved in the data breach.
14th of February 2016
A federal judge approved the unfair competition law claims against Anthem Life Insurance company to move forward, letting a class action lawsuit take place.
24th of February 2017
A federal judge allowed a plaintiff’s request to go through government documents.
The Anthem data breach class action settlement was opened. And the class members started to file a claim.
16th of August 2018
The court approved the Anthem Data Breach Class Action Settlement.
12th of September 2018
People filed appeals to the settlement, so they did not pay claims until all the appeals were addressed.
20th of November 2018
Eligible class members started receiving payment from the settlement as much as $50.
21st of November 2019
Eligible class members started receiving payment from the settlement to pay for out-of-pocket expenses as much as $5,000.
Request to Access Audit Documents Approved by Federal Judge
Plaintiffs requested access to a 2013 government audit of Anthem’s servers. But as some information was encrypted, the judge allowed access to only the ones that involved what the plaintiffs needed.
The U.S. Office of Personnel Management (OPM) released a part of the documents requested by the plaintiffs in the Anthem MDL in relation to the I.T. systems audits of Anthem and its affiliates.
OPM informed that they protected some documents under the deliberative process and law enforcement privilege. The plaintiffs moved to compel them to provide these documents.
The documents that OPM withheld allegedly involved audit documents that were linked to Anthem’s refusal to allow OPM to go through with a particular audit testing, auditor reviews, and conclusions about Anthem’s information system security practices, writeups reporting meetings between the auditors and employees of Anthem related to network security and risk assessment.
There were also emails about updates to federal contracts and whether Anthem implemented recommendations made as part of the 2013 audit.
After that, a judge decided that the withheld documents only have factual details, and the deliberative process and the law enforcement privilege do not apply.
The judge then allowed the plaintiff’s request to release the documents but denied access to the ones protected from disclosure.
What Credit Monitoring Is All About
A credit file comprises information a credit reporting agency collects about someone and how they’ve used their credit. It also contains one’s personal details such as their full name, any addresses they’ve lived in, and their SSN.
The information in credit files can change for different reasons. It’s helpful to know when these changes happen. Here are activities that will start a credit monitoring alert:
- Opening a new account may include credit cards and loans
- Hard credit inquiries occur when financial organizations run credit checks on each credit card or loan application they receive
- New public records involve details about bankruptcies and court judgments
- Address changes linked to credit cards and loans
- Accounts sent to collections for unpaid debts
For many, there are a lot of benefits of credit monitoring:
- Helps to stay on track of any changes to their credit file data
- It would notify of any activity on their credit file dependent on the service one subscribed to
- Helps to protect someone from identity theft
There are a lot of reputable companies where people can avail of credit monitoring services, but it’s best to understand everything before signing up.
There are also businesses giving free credit monitoring services, but there are limitations and may not monitor all three credit reporting bureaus, but it is best to remember that credit monitoring alone may not be sufficient to protect one against all types of identity theft.
What to Do After the Anthem Data Breach
After the Anthem Data Breach, consumers should be more careful of their personal accounts, ensuring that people with malicious content cannot easily access their personally identifiable information.
It is also advisable to tread lightly with their online presence, as it is also another way that people with malicious intent can use to get to their personal information.
Customers can get a credit report for free at annualcreditreport.com or call toll-free at 1-87-322-8228. This is a good way for people to check for any suspicious activity on any of their accounts.
Check any statements they get, especially medical and insurance statements that include Explanation of Benefits, as the paperwork usually shows early warning signs of abuse.
Always check the details of the claims that they receive. The customer needs to check if they match the care they received when they were in the hospital. If there’s any discrepancy, they should check with their health plan and report the problem.
Here are other signs that customers need to look out for:
- Bills for medical services that the customer did not avail of
- Calls from a collection agency/agent about medical-related debt that the customer doesn’t have
- Medical-related collection notices on the customer’s credit report that they don’t remember
- A notice from Anthem or any other health plan company
- A notice that they were denied insurance as their medical records listed a condition they don’t have
It is advised to be calm and watch your financial details closely. Anthem offered two years of credit monitoring and services for repairing identity theft for customers whose details were included in the data breach.
Anthem Inc. said they have gotten no details of any fraudulent activity against the affected customers.
Customers were also advised to watch for any phishing emails that might take someone’s login details, passwords, and credit card details. This may also involve emails from unknown people or phone calls asking for personal information such as social security numbers, birth dates, or account numbers.
Here are more specific steps on securing one’s online information:
Get free credit reports
A credit report has one’s credit card, loan, and payment report into one credit file, so it’s the easiest way to watch any fraudulent activity. So, according to law, people can get a free copy of their credit report every one year from the three primary credit reporting companies.
Update any online login information
After the Anthem data breach, old and new Anthem customers were advised to change their passwords and protect their accounts. Most online sites would require one upper and lowercase letter, a minimum of 8 to 10 characters, a number, and a special character.
Put fraud alerts on credit reports
When people want credit grantors to verify their identity before giving any credit in their name, they place a fraud alert on their credit report off chance that someone tries to get their details without their permission.
Placing a three-month alert on credit reports may cost people money and lifting it. People can then call Experian at 1-888-397-3742 or visit their website at www.experian.com/fraud.
For Transunion, people can contact them by calling 1-800-680-7289 or by visiting fraud.transunion.com.
For Equifax, their number’s 1-800-525-6285, and their website is at alerts.equifax.com.
Put a security freeze on charge accounts when needed
Placing a security freeze on one’s credit report may delay the approval of any loan requests or applications for new credit, loans, or services. Here are the ways to contact the credit bureaus:
- experian.com/freeze/center.html (1-888-397-3742)
- transunion.com/securityfreeze (1-800-680-7289)
- freeze.equifax.com (1-800-525-6285)
Editor’s Note on Anthem Data Breach Settlement Postcard:
This article covers the old Anthem Data Breach MDL Class Action Lawsuit’s settlement. It was requested by one of our subscribers. Every detail is available in the official court filings and sheet. If you would like to make a request or have any queries, then please send us a message via the “Contact Us” button below.
Case Name: Anthem, Inc. Data Breach Litigation, Case No. 15-md-02617
Jurisdiction: U.S. District Court – Northern District of California
Product/service: Data Breach
Allegations: Anthem allegedly failed to properly protect itself from a data breach in 2015
Suggested Article: Robinhood MDL Class Action 2021.