On August 25, 2017 the Court preliminarily approved a $115 million settlement in a class action lawsuit over the 2015 cyberattack and massive data breach of Anthem, Inc., one of the nation’s largest for-profit managed health care companies, which resultied in the theft of personal identification and health information of 78.8 million insureds. The settlement is the largest data breach settlement in history.

For information about the settlement in In re Anthem, Inc. Data Breach Litigation, please go to the following website: http://www.databreach-settlement.com/

Andrew N. Friedman, Partner and Co-Chair of Cohen Milstein's Consumer Protection practice group, is Co-Lead Plaintiffs’ Counsel in this high-profile class action lawsuit against Anthem, Inc.

Case Background

In February 2015, Anthem reported that it had incurred a massive data breach that compromised the Personally Identifiable Information and Personal Health Information of approximately 80 million insured consumers. Unlike data breaches involving credit card numbers or other information that individuals can change and monitor for fraud, the Anthem breach exposed data – such as social security numbers, birthdates, home addresses, and employment information – that cannot be changed and cannot be easily monitored for fraud. 

The complaints allege that Anthem failed to take adequate and reasonable measures to ensure its data systems were protected, failed to take available steps to prevent and stop the breach from ever happening, and failed to disclose to its customers the material facts that it did not have adequate computer systems and security practices to safeguard customers’ financial accounts and personal data.  Victims of the Anthem data breach – including children – face a lifetime risk of interference with their business and financial affairs. 

On April 8, 2016, U.S. Magistrate Judge Nathanael Cousins issued an order denying Anthem’s request to inspect the personal computers and devices of each named Plaintiff in In Re Anthem, Inc. Data Breach Litigation.  The litigation stems from a breach of Anthem, Inc.’s database, which contains personal information, including Social Security numbers, for approximately 79 million individuals. In February 2015, Anthem, Inc. announced that the breach had occurred, and the multidistrict litigation was centralized before Judge Koh last year.

Anthem, Inc. sought to inspect the personal computers and devices of the each named Plaintiff in the litigation. Plaintiffs objected that the proposed inspections were highly invasive, burdensome, and intrusive. Plaintiffs also objected that the proposed inspections were unlikely to yield relevant evidence because Plaintiffs’ computer systems possess minor and tangential relevance to the litigation, if they possess any relevance at all.

“There is an Orwellian irony to the proposition that in order to get relief for a theft of one’s personal information, a person has to disclose even more personal information, including an inspection of all his or her devices that connect to the internet,” Judge Cousins wrote. “If the court were to grant Anthem’s request, it would further invade plaintiffs’ privacy interests and deter current and future data theft victims from pursuing relief.”

On June 25, 2017, a proposed settlement was reached between the class and Anthem. 

For more information about the Anthem Data Breach Litigation, including information about the settlement and important case documents, please see the following websitehttp://www.databreach-settlement.com/