SEATTLE--(BUSINESS WIRE)--An Anthem customer has filed a class-action lawsuit against Anthem Inc. for allegedly failing to protect customer data and not immediately and accurately informing customers whose data was compromised in a recent massive data breach, according to attorneys at Hagens Berman. The recent hack compromised the personal information of about 80 million U.S. citizens presently or previously insured or employed by Anthem, the complaint states. The law firm’s investigation also recently revealed that the nation’s second largest insurer did not encrypt the data that was stolen.
“Data encryption is the touchstone of any reasonable approach to protecting personal information,” said Thomas Loeser, a former federal cyber-prosecutor and Hagens Berman partner. “We consider this the smoking gun of this investigation. Anthem knew the importance of encryption, as it encrypted data that was sent outside of its databases. But it did not take this basic step for data that it kept within its systems, leaving vulnerable a gold mine for cyber-criminals.”
The 32-page complaint states that named plaintiff and current Anthem customer under Blue Cross Blue Shield, David Liu of Tustin, California, was harmed in having his personal, health, and financial information associated with his health insurance compromised as a result of the Anthem data breach and Anthem’s failure to provide timely and accurate notice. The complaint states that, “Plaintiff would not have given his personal health and financial information to Anthem for his health insurance had Anthem informed him that it lacked adequate computer network and data security to secure his and other Anthem customers’ personal, health and financial information.”
“Anthem’s lack of data encryption is not only alarming in its negligence but also means that hackers hit the jackpot,” Loeser added. “Once they had infiltrated Anthem’s systems, this sensitive personal information belonging to millions of Anthem customers was plainly visible and ready to use. On the ‘dark-web,’ where cyber-thieves trade the fruits of crime, credit card information routinely sells for $10-$25 per account. But Social Security numbers, especially when paired with name, address, emails and birthdates, are exponentially more valuable. Such ‘complete identities’ can sell for upwards of $250-$400. That makes the Anthem breach conservatively worth more than $20 billion to criminals.”
The data breach affects individuals’ names, addresses, Social Security numbers, emails, employment information and income, causing what Loeser considers “likely irreversible damage” to those affected by the breach. “Moreover,” Loeser said, “the harm could last for years because unlike credit card numbers which can be reissued, Social Security numbers are held for life and are extremely difficult to replace.”
Has Your Data Been Stolen? Here’s What You Should Do
Anthem has stated it may be weeks before it contacts all data breach victims. Since Anthem reports about 80 million records of past and present customers and employees were stolen, and Anthem has about 38 million current customers, you should assume that if you are or were an Anthem customer or employee, it is likely that your information was stolen.
Hagens Berman suggests that concerned consumers who are or were insured by Anthem and Anthem employees take immediate steps to prevent identity theft. You can contact Hagens Berman by emailing Anthem@hbsslaw.com or by calling 206-623-7292 to find out the steps you can take. Additional information about the investigation is available at www.hbsslaw.com/Anthem. The proposed class-action seeks to represent all persons in the United States whose personal information was compromised as a result of the data breach first disclosed by Anthem on February 4, 2015.
To protect your identity and personal information, Hagens Berman suggests individuals notify credit agencies, request credit alerts and take other precautions to keep damage to a minimum. More information on these best practices can be found here.
Loeser said he is particularly concerned that Anthem customers and employees could be subject to tax return fraud due to the breadth of information stolen, including name, address, Social Security numbers, birthdates and employment information.
“When personal information, along with Social Security numbers and birthdates are stolen, it can lead to false state and federal tax returns and result in millions of dollars in stolen, fraudulent tax refunds,” Loeser said.
Hagens Berman continues to investigate Anthem and seeks any anecdotes or information from those who believe they have been affected by the data breach.
“We’re continuing to closely monitor this massive breach of highly sensitive information and the sheer lack of data protection on the part of Anthem,” said Steve Berman, managing partner at Hagens Berman. “With so much of customers’ information now out in the open, we hope to move quickly to help remedy this widespread damage.”
Hagens Berman Sobol Shapiro LLP is a consumer-rights class-action law firm with offices in nine cities. The firm has been named to the National Law Journal’s Plaintiffs’ Hot List seven times. More about the law firm and its successes can be found at www.hbsslaw.com. Follow the firm for updates and news at @ClassActionLaw.