More on Compliance & Legal

Landmark $115 million settlement reached in Anthem data breach suit, consumers could feel sting

Per agreement, lawyer fees will soak up a third of the $115 million fund, boiling down to less than dollar each for the 78.8 million breach victims.

Beth Jones Sanborn, Managing Editor

A proposed settlement has been reached in the landmark Anthem data breach case, which saw the personal information of nearly 79 million people stolen and is being referred to as the biggest data breach in history, lawyers involved with the case announced.

The $115 million settlement, if approved by a judge as scheduled next month, is the end result of the massive class action lawsuit filed after a 2015 cyberattack on insurance giant Anthem and is said to be the largest data breach settlement in history, law firm GirardGibbs said in a statement.

The $115 million settlement fund, which will be used to give data breach victims at least two years of credit monitoring; cover out-of-pocket expenses incurred by consumers stemming from the breach, and provide cash compensation for those consumers who are already enrolled in credit monitoring. Additionally, the settlement requires Anthem to guarantee a certain level of funding for information security, and to maintain changes to its data security systems like encryption of certain information and archiving sensitive data with strict access controls, the firm said.

HIMSS20 Digital

Learn on-demand, earn credit, find products and solutions. Get Started >>

[Also: Anthem leaves two more exchange markets in Indiana and Wisconsin]

More specifically, according to the settlement agreement, the legal team that brought the suit will get up to a third of the $115 million for fees and costs incurred. After that, Experian will receive $17 million to provide two years of credit monitoring for those affected, and those who have already enrolled in such services will be compensated $36 each, possibly up to $50 each as long as the consumer applies within three months of the settlement agreement. Back out-of-pocket expenses claimed by breach victims could also be covered, and will be evaluated on a case-by-case basis. Anything left in the settlement fund after all that will be split between Purdue University's Center for Education and Research in Information Assurance Security, and the non-profit Electronic Frontier Foundation, the settlement said.

If you boil the math down, after just the lawyer fees, the 78.8 million breach victims will get less than a dollar each.

[Also: Anthem, Cigna saga not over as insurer demands Anthem pay the $1.85 billion breakup fee plus $13 billion]

In early 2015, Anthem acknowledged the cyberattack that saw the personal information of 78.8 million individuals stolen. For many of them, that information included names, birth dates, social security numbers, and health care ID numbers.

"After two years of intensive litigation and hard work by the parties, we are pleased that consumers who were affected by this data breach will be protected going forward and compensated for past losses," said Eve Cervantez, co-lead counsel representing the plaintiffs in the Anthem litigation.

Twitter: @BethJSanborn