Anthem Blue Cross, you likely remember, was one of the first “Blues” to admit that they had lost control of the data on their subscribers to the tune of around 79 million people. After Anthem admitted that, a number of other insurance companies – both Blues and others – admitted that they, too, had been hacked.
Judge Lucy Koh, a U.S. District Court Judge who has presided over a number of very famous (Yahoo, for example) breach cases consolidated over 100 lawsuits into one in her court.
If approved by Judge Koh, it would be the largest single settlement for a breach.
The money will be used to pay for an additional two years of credit monitoring. Alternatively, victims can get fifty bucks instead.
That is not much consolation, if you ask me.
Still, for Anthem, it is a large check for them and/or their insurance company to write. It is likely that they have used up most or all of their breach insurance coverage already, so my speculation is that the cost is coming out of their pocket.
Compared to Target’s $18 million settlement and Home Depot’s $19 million settlement, this is a big number.
Anthem will have to allocate a certain amount of money to security enhancements and make certain specific changes to its security program – on top of writing that rather large check.
It is important to understand that for victims of medical information theft, credit monitoring is about as useful as a screen door on a submarine. Usually the stolen information is used for insurance fraud (AKA medical care fraud) and to a lesser extent to compromise existing credit accounts using the stolen information. Neither of these will show up on a credit report.
It is not clear how that money will be split up between lawyers, victims and credit monitoring, but that will likely come out after the settlement is approved.