The Anthem Breach – One Year Later
A proposed class action suit against some of the Blue Cross and Blue Shield entities became smaller last week when a federal judge in California fully disallowed three Anthem affiliates from participation in the litigation. Seven more were partially removed, meaning part of the claims will be allowed to move forward.
In February of 2015, Anthem announced a breach of personal information of more than 80 million of their customers. The breach allegedly occurred in January of that year. In all, there are 45 affiliates, both Anthem and non-Anthem entities, who stand accused of failing to secure personal identifying and personal data.
Hackers stole the personal data of Anthem customers by penetrating Anthem’s computer systems. The stolen data includes: names, birthdates, Social Security numbers, address, and personal identifying health information.
The multidistrict suit, or MDL, was filed in June 2016 in the US District Court for the Northern District of California (case number 5:15-md-02617). At this time it includes approximately 100 breach-related lawsuits. However, Anthem alleges that none of the stolen personal information has resulted in damages to their customers. Anthem has offered two years of free credit monitoring service to affected consumers but critics say this remedy is not enough.
Consumers can request a freeze on their credit reporting accounts with the 3 credit reporting agencies, Equifax, Experian, and Transunion, according to the Federal Trade Commission. However, to do so is both costly and cumbersome, as it requires consumers to unfreeze an account in the event they need to purchase a home, buy a car, or open a new account.
Although there does not appear to be a flood of stolen Anthem data on the black market, this information will remain valuable to criminals indefinitely, since Social Security numbers and birthdates will never change. The MDL claims that customers have already been victims of identity theft including false tax returns, lost bank accounts, and fraudulent activity regarding credit cards and loans.