Anthem sued for alleged negligence leading to data breach

By Chad Hemenway on June 30, 2015

Anthem_Thumb

Filed June 26 in US District Court in the Northern District of California, lead plaintiff Kathryn Leniski said the second-largest health insurer in the US failed to encrypt customer and insured personal and health information that “enabled criminal enterprises and hackers to secure a treasure trove of personal information, including millions of social security numbers—described as ‘the key that unlocks the vault’—exposing millions of customers to identity theft and other harmful consequences and damage.”

Leniski told of her personal experience in which she received a letter from Indiana, where she lives, to inform her someone had attempted to file a state tax return in an effort to steal any tax refund. She was told to file a police report and spent three days with state and federal investigators while missing work and spending money on transportation. About a week after receiving the letter from the state, Leniski said she got a letter from Anthem on March 8, 2015 to tell her Anthem had been breach and her employment data was possibly compromised.

Early in February the health insurer announced that hackers stole potentially tens of millions of insured and employee records, including names, Social Security numbers, birthdates, medical identification, street addresses, email addresses and income data for employees.

ALSO READ: Why Anthem is the worst breach yet, and how we could protect everybody if we cared

Leniski said her tax refund was delayed, her credit cards were declined and frozen and her credit took a hit. She alleged that she needs to spend more money protecting her identity and guarding against additional attempts at theft while knowing her social security number is accessible.

Citing several public and private reports as well as news articles, Leniski outlines the ways in which companies like Anthem are obligated to protect customer data and were warned of cyberattacks.

“As the second-largest healthcare insurer in the United States, Anthem knew full well that it was at grave risk of being hacked,” read the lawsuit. “This was not your run of the mill hack. It was the holy grail of a hack.

“Victims of the Anthem breach will undoubtedly suffer significant and ongoing financial harm.”

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].