An Anthem customer has filed a class-action lawsuit against Anthem Inc.
for allegedly failing to protect customer data and not immediately and
accurately informing customers whose data was compromised in a recent
massive data
breach, according to attorneys at Hagens Berman. The recent hack
compromised the personal information of about 80 million U.S. citizens
presently or previously insured or employed by Anthem, the
complaint states. The law firm’s investigation also recently
revealed that the nation’s second largest insurer did not encrypt the
data that was stolen.
“Data encryption is the touchstone of any reasonable approach to
protecting personal information,” said Thomas Loeser, a former federal
cyber-prosecutor and Hagens Berman partner. “We consider this the
smoking gun of this investigation. Anthem knew the importance of
encryption, as it encrypted data that was sent outside of its databases.
But it did not take this basic step for data that it kept within its
systems, leaving vulnerable a gold mine for cyber-criminals.”
The 32-page complaint states that named plaintiff and current Anthem
customer under Blue Cross Blue Shield, David Liu of Tustin, California,
was harmed in having his personal, health, and financial information
associated with his health insurance compromised as a result of the
Anthem data breach and Anthem’s failure to provide timely and accurate
notice. The complaint states that, “Plaintiff would not have given his
personal health and financial information to Anthem for his health
insurance had Anthem informed him that it lacked adequate computer
network and data security to secure his and other Anthem customers’
personal, health and financial information.”
“Anthem’s lack of data encryption is not only alarming in its negligence
but also means that hackers hit the jackpot,” Loeser added. “Once they
had infiltrated Anthem’s systems, this sensitive personal information
belonging to millions of Anthem customers was plainly visible and ready
to use. On the ‘dark-web,’ where cyber-thieves trade the fruits of
crime, credit card information routinely sells for $10-$25 per account.
But Social Security numbers, especially when paired with name, address,
emails and birthdates, are exponentially more valuable. Such ‘complete
identities’ can sell for upwards of $250-$400. That makes the Anthem
breach conservatively worth more than $20 billion to criminals.”
The data breach affects individuals’ names, addresses, Social Security
numbers, emails, employment information and income, causing what Loeser
considers “likely irreversible damage” to those affected by the breach.
“Moreover,” Loeser said, “the harm could last for years because unlike
credit card numbers which can be reissued, Social Security numbers are
held for life and are extremely difficult to replace.”
Has Your Data Been Stolen? Here’s What You Should Do
Anthem has stated it may be weeks before it contacts all data breach
victims. Since Anthem reports about 80 million records of past and
present customers and employees were stolen, and Anthem has about 38
million current customers, you should assume that if you are or were an
Anthem customer or employee, it is likely that your information was
stolen.
Hagens Berman suggests that concerned consumers who are or were insured
by Anthem and Anthem employees take immediate steps to prevent identity
theft. You can contact Hagens Berman by emailing Anthem@hbsslaw.com
or by calling 206-623-7292 to find out the steps you can take.
Additional information about the investigation is available at www.hbsslaw.com/Anthem.
The proposed class-action seeks to represent all persons in the United
States whose personal information was compromised as a result of the
data breach first disclosed by Anthem on February 4, 2015.
To protect your identity and personal information, Hagens Berman
suggests individuals notify credit agencies, request credit alerts and
take other precautions to keep damage to a minimum. More information on
these best practices can be found here.
Loeser said he is particularly concerned that Anthem customers and
employees could be subject to tax return fraud due to the breadth of
information stolen, including name, address, Social Security numbers,
birthdates and employment information.
“When personal information, along with Social Security numbers and
birthdates are stolen, it can lead to false state and federal tax
returns and result in millions of dollars in stolen, fraudulent tax
refunds,” Loeser said.
Hagens Berman continues to investigate Anthem and seeks any anecdotes or
information from those who believe they have been affected by the data
breach.
“We’re continuing to closely monitor this massive breach of highly
sensitive information and the sheer lack of data protection on the part
of Anthem,” said Steve Berman, managing partner at Hagens Berman. “With
so much of customers’ information now out in the open, we hope to move
quickly to help remedy this widespread damage.”
About
Hagens Berman
Hagens Berman Sobol Shapiro LLP is a consumer-rights class-action law
firm with offices in nine cities. The firm has been named to the
National Law Journal’s Plaintiffs’ Hot List seven times. More about the
law firm and its successes can be found at www.hbsslaw.com.
Follow the firm for updates and news at @ClassActionLaw.
Copyright Business Wire 2015