Anthem Inc has agreed to settle lawsuits over a 2015 hacking and data breach for a record $115 million USD, the largest settlement ever paid for a data breach.
Though the deal has been announced by lawyers for those affected by the data breach, it is still awaiting approval from U.S. District Judge Lucy Koh in San Jose, California, who is presiding over the case.
The settlement money will be used to provide two years of credit monitoring for each plaintiff affected by the breach or can be paid out in cash, at roughly $50 per person.
That credit monitoring is to be offered in addition to the two years of credit monitoring Anthem previously offered victims when it announced the breach in February 2015, according to Anthem spokeswoman Jill Becher.
“We are very satisfied that the settlement is a great result for those affected and look forward to working through the settlement approval process,” Andrew Friedman, a lawyer for the victims, said in a statement.
In February 2015, Anthem, at the time the second-largest health insurer in the U.S., revealed that its customer database had been breached. Stolen data included names, addresses, dates of birth, Social Security numbers and employment histories and as many as 80 million current and former customers’ records were thought to be compromised.
Investigators believe hackers gained access to Anthem’s network via a watering-hole attack that obtained an administrator’s login credentials. The breach went undetected for nine months after the hackers first gained access to the network, until a systems administrator that an account had been querying internal databases without the account holder’s knowledge.
Many experts believe the hack was the work of Deep Panda, a group known for breaking into technology, aerospace and energy firms as well as another health insurer, Premera, whose data breach was discovered on the same day as Anthem’s.
Learn about the Anthem Breach and more in our Top 10 Most Disastrous Data Breaches Video:
Latest posts by Jeff Edwards (see all)
- 17 Cybersecurity Podcasts You Should Listen to in 2020 - January 3, 2019
- What’s Changed: Gartner 2017 Magic Quadrant for Identity Governance and Administration (IGA) - January 28, 2018
- Crossmatch Integrates Keyboard Capture to Identity Management Software - November 27, 2017