In the largest data-breach settlement to date, Anthem Inc. agreed to pay $115 million to address claims resulting from a 2015 cyberattack. The attack impacted data of 78.8 million people- both current and former customers and employees. The compromised information included names, birthdates, Social Security Numbers, medical IDs, street and email addresses. It led to an investigation by the FBI.
Anthem did not admit any wrongdoing in the settlement. The agreement requires Anthem to set aside money to buy at least two years of credit monitoring services for those who joined the suit, or pay up to $50 per class member for those who already have credit monitoring. It also requires Anthem to provide funds to help protect personal information over the next three years.
Employers should review their security posture to put themselves in the best possible position to avoid a cyber incident.