On June 23, 2017, a proposed settlement was reached in a class action lawsuit over the 2015 cyberattack of health insurer Anthem, Inc., involving the theft of the personal information of 78.8 million people.  The $115 million settlement, if approved by the Court, will be the largest data breach settlement in history.  Attorneys from Altshuler Berzon, Cohen Milstein, Girard Gibbs and Lieff Cabraser were court-appointed to lead the representation of the plaintiffs’ in the litigation.

Case Background

Andrew N. Friedman, a partner at Cohen Milstein, was named Co-Lead Plaintiffs’ Counsel in a high-profile class action lawsuit against Anthem, Inc., one of the nation’s largest for-profit managed health care companies.  The lawsuit was brought over a massive data breach that compromised the personal identification and health information of millions of insureds.

In February 2015, Anthem reported that it had incurred a massive data breach that compromised the Personally Identifiable Information and Personal Health Information of approximately 80 million insured consumers. Unlike data breaches involving credit card numbers or other information that individuals can change and monitor for fraud, the Anthem breach exposed data – such as social security numbers, birthdates, home addresses, and employment information – that cannot be changed and cannot be easily monitored for fraud. 

The complaints allege that Anthem failed to take adequate and reasonable measures to ensure its data systems were protected, failed to take available steps to prevent and stop the breach from ever happening, and failed to disclose to its customers the material facts that it did not have adequate computer systems and security practices to safeguard customers’ financial accounts and personal data.  Victims of the Anthem data breach – including children – face a lifetime risk of interference with their business and financial affairs. 

On April 8, 2016, U.S. Magistrate Judge Nathanael Cousins issued an order denying Anthem’s request to inspect the personal computers and devices of each named Plaintiff in In Re Anthem, Inc. Data Breach Litigation.  The litigation stems from a breach of Anthem, Inc.’s database, which contains personal information, including Social Security numbers, for approximately 79 million individuals. In February 2015, Anthem, Inc. announced that the breach had occurred, and the multidistrict litigation was centralized before Judge Koh last year.

Anthem, Inc. sought to inspect the personal computers and devices of the each named Plaintiff in the litigation. Plaintiffs objected that the proposed inspections were highly invasive, burdensome, and intrusive. Plaintiffs also objected that the proposed inspections were unlikely to yield relevant evidence because Plaintiffs’ computer systems possess minor and tangential relevance to the litigation, if they possess any relevance at all.

“There is an Orwellian irony to the proposition that in order to get relief for a theft of one’s personal information, a person has to disclose even more personal information, including an inspection of all his or her devices that connect to the internet,” Judge Cousins wrote. “If the court were to grant Anthem’s request, it would further invade plaintiffs’ privacy interests and deter current and future data theft victims from pursuing relief.”

For more information about the Anthem Data Breach Litigation, including answers to frequently asked questions and important case documents, please see the following websitehttp://anthemdatabreachlitigation.girardgibbs.com/