Less than a day after it revealed hackers exposed the personal information of about 80 million customers and employees, Anthem, Inc., the nation’s second-largest health insurer, has been sued in putative class actions in California and Alabama federal courts. The suits accuse Anthem of failing to protect its customers. In what may be one of the first suits over the breach, California Plaintiff Samantha Kirby alleges Anthem didn’t have proper security procedures in place and waited too long to tell customers about the hackers. The suit says that Anthem detected the breach as early as Jan. 29.
Anthem has said cyberattackers executed a “very sophisticated attack” to gain access to one of its information technology systems, and that the hackers have personal information on current and former members. The information includes names, Social Security numbers, income data and email addresses. Robert Ahdoot of Ahdoot & Wolfson PC, representing Kirby, told Law360 that Anthem’s breach was more concerning than those affecting retailers in the past year because it potentially exposed medical information. Comparing this to the December 2013 Target Corp. hack that stole information on 70 million customers, it appears this one may be at least as bad. Ahdoot said:
This is a different kind of breach. Anthem has a lot of information about its insureds and you have to assume all of that information has been compromised.
Alabama Plaintiff Danny Juliano also sued Anthem last month, claiming the insurer failed to properly encrypt user data and failed to live up to its promise to protect consumers. While Anthem said that credit card numbers and medical information was still safe, Kirby’s suit attacked Anthem’s statement as “carefully worded and conclusory.” Based on the phrasing, Kirby claims that information was also compromised. Ahdoot said: “They’re somewhat evasive, it seems to me.”
Anthem CEO Joseph R. Swedish had said that “based on what we know now, there is no evidence” that credit card or medical information was either targeted or accessed. Kirby’s suit further claims Anthem unreasonably delayed informing customers about the breach and still hasn’t said exactly when the systems were attacked, how long hackers had access to information or what specific steps have been taken to prevent future breaches. Kirby said:
Plaintiff and the class she seeks to represent now face years of constant surveillance of their financial and medical records, monitoring, loss of rights, and potential medical problems.
Anthem said it has contacted the FBI and is fully cooperating in the investigation. The company hired Mandiant, a cybersecurity firm that’s been used in many high-profile attacks in recent months. The company says it’s individually notifying each customer who was affected, offering credit monitoring services and has set up a toll-free number for people to call with questions. Kirby’s proposed class includes all California Anthem customers affected by the breach and claims Anthem is liable for negligence, bailment, conversion and invasion of privacy, along with violations of the California Confidentiality of Medical Information Act and Unfair Competition Law. Juliano’s proposed class includes all Anthem customers nationwide. His suit includes claims of invasion of privacy, unjust enrichment, negligence, wantonness and violations of the Fair Credit Reporting Act.
The California case is in the U.S. District Court for the Central District of California. The Alabama case is in the U.S. District Court for the Northern District of Alabama. These cases will be watched closely as they proceed through the system.
Contact us today for a free legal consultation with an experienced attorney.
Fields marked *may be required for submission.
If you would like to subscribe to the Jere Beasley Report digital edition, simply visit our Subscriptions page and provide the necessary information or call us at 800-898-2034.
Attorney Advertising - Prior results do not guarantee a similar outcome.