Attorney General James helps secure $39.5 million after Anthem’s 2014 data breach
The breach gave attackers access to Anthem’s data warehouse, where they harvested names, dates of birth, Social Security numbers, health care identification numbers, home addresses, email addresses, phone numbers, and employment information.
Today’s agreement resolves the cyber-attack by forcing Anthem to pay the multistate coalition a total $39.5 million in penalties and fees — more than $2.7 million of which will go to New York state directly.
In February 2015, Anthem disclosed that cyber attackers had infiltrated its systems beginning in February 2014 using malware installed through a phishing email.
Not only will Anthem specifically pay New York $2,715,495.21 as a result of today’s agreement, but the company will make a series of changes to its security protocols designed to strengthen practices going forward.
In addition to the agreement, Anthem previously entered into a class action settlement that established a $115 million settlement fund to pay for additional credit monitoring, cash payments of up to $50 per individual breached, and reimbursement for out-of-pocket losses for affected consumers. The deadlines for consumers to submit claims under that settlement have since passed.
The Office of the New York Attorney General was a member of the multistate Executive Committee along with the attorneys general of Connecticut, Illinois, Indiana, Kentucky, Massachusetts, and Missouri.
They were joined by the attorneys general of Alaska, Arizona, Arkansas, Colorado, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi, Nebraska, New Hampshire, New Jersey, Nevada, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Virginia, Washington, West Virginia, Wisconsin, and the District of Columbia.
Additionally, the attorney general of California entered into a similar, but separate agreement. ■