State AGs announce $39.5 million settlement in Anthem data breach

Editor
0 0
Read Time2 Minute, 57 Second


Missouri, Oklahoma and Kansas among states in settlement
Anthem Settlement

 JEFFERSON CITY, Mo. (Media release) – Missouri Attorney General Eric Schmitt, along with a coalition of state attorneys general, today announced a $39.5 million multistate settlement with Anthem stemming from the massive 2014 data breach that involved the personal information of 78.8 million Americans. Through the settlement, Anthem has reached a resolution with the 43-state multistate coalition. Missouri will receive $1,841,839.64 from the settlement. In addition to the payment, Anthem has also agreed to a series of data security and good governance provisions designed to strengthen its practices going forward.

In February 2015, Anthem disclosed that cyber attackers had infiltrated its systems beginning in February 2014, using malware installed through a phishing email. The attackers were ultimately able to gain access to Anthem’s data warehouse, where they harvested names, dates of birth, Social Security numbers, healthcare identification numbers, home addresses, email addresses, phone numbers, and employment information for 78.8 million Americans. In Missouri, 2,041,985 residents were affected by the breach.

“Protecting consumer data is incredibly important, and when companies or corporations who store large amounts of consumer data fail to safeguard that data, they must be held accountable,” said Attorney General Schmitt. “This is another example of the great work that can be done when state attorneys general from across the country work together.”

Under the settlement, Anthem has agreed to a series of provisions designed to strengthen its security practices going forward. Those include:

  • a prohibition against misrepresentations regarding the extent to which Anthem protects the privacy and security of personal information;
  • implementation of a comprehensive information security program, incorporating principles of zero trust architecture, and including regular security reporting to the Board of Directors and prompt notice of significant security events to the CEO;
  • specific security requirements with respect to segmentation, logging and monitoring, anti-virus maintenance, access controls and two factor authentication, encryption, risk assessments, penetration testing, and employee training, among other requirements; and
  • third-party security assessments and audits for three (3) years, as well as a requirement that Anthem make its risk assessments available to a third-party assessor during that term.

In the immediate wake of the breach, Anthem offered an initial two years of credit monitoring to all affected U.S. individuals.

In addition to this settlement, Anthem previously entered into a class action settlement that established a $115 million settlement fund to pay for additional credit monitoring, cash payments of up to $50, and reimbursement for out-of-pocket losses for affected consumers. The deadlines for consumers to submit claims under that settlement have since passed.

The Connecticut Office of the Attorney General led the multistate investigation, assisted by the Attorneys General of Illinois, Indiana, Kentucky, Massachusetts, Missouri, and New York, and joined by the Attorneys General of Alaska, Arizona, Arkansas, Colorado, the District of Columbia, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi, Nebraska, New Hampshire, New Jersey, Nevada, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Virginia, Washington, West Virginia, and Wisconsin.





Source link

About Post Author

Editor

Editor is WebTech Group (WTG). WTG is a web hosting, design, SEO, press release distribution company and news agency located in St. Louis, Missouri. Site is owned and operate multiple news sites in the region. Our objective with STLNewsMissouri.com is to offer readers a one-stop news site for Missouri news. We aggregate news from news media across the state. We do not aggregate news from all sources. We pick from those that offer RSS feeds and pick the best with eliminating those that might produce the same news stories, written differently.
Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleppy
Sleppy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %
Next Post

Pettis Co. Clerk: 1,200 unfilled absentee ballots missing; no voters impacted

SEDALIA – Pettis County Clerk Nick La Strada confirmed that at least 1,200 blank absentee ballots were reported missing Wednesday morning. La Strada said the ballots were in the custody of the US Postal Service before going missing. They were on the way to voters and hadn’t been filled out. […]
Pettis Co. Clerk: 1,200 unfilled absentee ballots missing; no voters impacted