MADISON ⏤ Attorney General Josh Kaul today announced that 43 states, including Wisconsin, have reached a $39.5 million settlement with Anthem.
The settlement stems from a massive 2014 Anthem data breach that involved the personal information of 78.8 million Americans, according to a press release from Kaul’s office.
Wisconsin will receive $141,970 from the settlement.
Anthem also agreed to a series of data security and good governance provisions going forward.
“Data breaches can cause long-term harm to consumers. Corporations that collect people’s personal information must carefully safeguard it,“ Kaul said in a released statement.
The resolution “does not relate to a civil action filed by the state of Wisconsin,” Kaul’s release states.
In February 2015, Anthem disclosed that cyber attackers had infiltrated its systems beginning in February 2014. These attacks used malware installed through a phishing email.
The attackers were ultimately able to gain access to Anthem’s data warehouse, where they harvested a cache of personal information. This included names, dates of birth, Social Security numbers, healthcare identification numbers, home addresses, email addresses, phone numbers and employment information for 78.8 million Americans.
In Wisconsin, 1,744,732 residents were affected by the breach.
Series of provisions
Under the settlement, Anthem has agreed to a series of provisions designed to strengthen its security practices going forward.
- A prohibition against misrepresentations regarding the extent to which Anthem protects the privacy and security of personal information;
- Implementation of a comprehensive information security program, incorporating principles of zero trust architecture, and including regular security reporting to the Board of Directors and prompt notice of significant security events to the CEO;
- Specific security requirements with respect to segmentation, logging and monitoring, anti-virus maintenance, access controls and two factor authentication, encryption, risk assessments, penetration testing, and employee training, among other requirements;
- And third-party security assessments and audits for three years ⏤ including a requirement that Anthem make its risk assessments available to a third-party assessor during that term.
Immediately following breach
Immediately following the breach, Anthem offered an initial two years of credit monitoring to all affected U.S. individuals.
Anthem entered into a class-action settlement after the breach. From that settlement, Anthem established a $115 million settlement fund. Those funds paid for additional credit monitoring, cash payments of up to $50 and reimbursement for out-of-pocket losses for consumers.
The deadlines for consumers to submit claims under that settlement has ended. The Connecticut Office of the Attorney General led the multistate investigation. It was assisted by the attorneys general of Illinois, Indiana, Kentucky, Massachusetts, Missouri and New York.
Also in the News
The Lenten season is here. But whether you are Catholic or not, fish fry dinners are a staple in Wisconsin. The COVID-19 pandemic, which began during the middle of Lent in 2020, put a halt to the dining experience. Luckily, for Wisconsinites, the fish fry is still happening this year. You can support local churches […]
RACINE – A Racine man was in custody Wednesday after allegedly kicking in his neighbor’s door and starting a fight. The Racine County District Attorney’s Office charged Johnny M. Walrup Jr., 30, of 1220 Carlisle Ave., with felony bail jumping and criminal damage to property following a Tuesday incident. According to the criminal complaint, Racine […]
The City of Racine Parks, Recreation, and Cultural Services (PRCS) announces the opening of adult Sand Volleyball League registration on Monday, March 1, 2021. Teams may register for Monday night recreational Coed leagues, Tuesday night competitive and recreational Men’s/Women’s leagues, and Wednesday night competitive and recreational Coed leagues. Team registration forms are available online here. […]