Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Businesses Medicine The Courts

Anthem To Pay $115 Million In The Largest Data Breach Settlement Ever (cnet.com) 56

An anonymous reader quotes CNET: Anthem, the largest health insurance company in the U.S., has agreed to settle a class action lawsuit over a 2015 data breach for a record $115 million, according to lawyers for the plaintiffs. The settlement still has to be approved by US District Court Judge Lucy Koh, who is scheduled to hear the case on August 17 in San Jose, California. And Anthem, which didn't immediately respond to a request for confirmation and comment, isn't admitting any admitting any wrongdoing, according to a statement it made to CyberScoop acknowledging the settlement.

But if approved, it would be the largest data breach settlement in history, according to the plaintiffs' lawyers, who announced the agreement Friday. The funds would be used to provide victims of the data breach at least two years of credit monitoring and to reimburse customers for breach-related expenses. The settlement would also guarantee a certain level of funding for "information security to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls," the plaintiff attorneys said.

The breach compromised data for 80 million people, including their social security numbers, birthdays, street addresses (and email addresses) as well as income data. The $115 million settlement averages out to $1.43 for every person who was affected.
This discussion has been archived. No new comments can be posted.

Anthem To Pay $115 Million In The Largest Data Breach Settlement Ever

Comments Filter:
  • Credit monitoring? (Score:2, Insightful)

    by Anonymous Coward

    They courts still haven't figured out a legitimate way to compensate or help affected individuals if they're still just trying to fund credit monitoring.
    Companies with breaches like this should face real, tangible consequences. :-/

    • by gweihir ( 88907 )

      Prison time for those responsible in management, up to and including the CEO. Before that happens, nothing will change.

      • Re: (Score:1, Insightful)

        Prison time for those responsible in management, up to and including the CEO.

        This kind of idiotic attitude is why America spends $100 Billion per year on prisons, nearly as much as the rest of the world combined. No, people should not go to prison for incompetence.

        • by Anonymous Coward

          Yes they should. Incompetent doctor kills every patient they work on? Should they go to prison? Why should it be any different for corporate personhood?

        • Prison time for those responsible in management, up to and including the CEO.

          This kind of idiotic attitude is why America spends $100 Billion per year on prisons, nearly as much as the rest of the world combined. No, people should not go to prison for incompetence.

          While the US does put way too many people in prison, this is not one of those cases. For those in power at the company, these fines are no punishment at all. The company is probably insured and any shortfall will be covered by shareholders, while the CEOs etc. will carry on getting the same or increased salaries and bonuses as usual, and the company's articles may make it almost impossible to vote them out (Mylan).

          Only the possibility of real PERSONAL penalties that they can't insure against or just claim

        • by gweihir ( 88907 )

          I disagree. Top management should most definitely go to prison for gross incompetence or intent. And, quite frankly, it can only be one of the two if the screw-up is so extreme. If there are just fines, the C-level executives responsible will not even feel them. That is the reason why prison-time is required here. I do agree that the US is imprisoning far to many people, but these here cannot be impressed any other way, because they cannot simply buy their way out of that.

        • by unrtst ( 777550 )

          Start sending the CEO's/CTO's/etc to prison when stuff like this happens, and I assure you that their prisons will start looking a lot nicer. Repeat and spread them out to improve all our prisons.

      • by Anonymous Coward

        While I appreciate the instinct to blame all of upper management, it is usually tricky to determine actual fault. For example, I've personally had a conversation such as this:

        CTO: Our PCI auditors have found significant vulnerabilities in our infrastructure. We need to buy some new devices, they will cost $XX
        CEO: Get some new auditors.
        CTO: Honestly, I think I agree with them, and I'm worried about a data breach.
        CEO: But we have firewalls right?
        CTO: That's not the point, there are many other points of weak

        • by Anonymous Coward

          ...
          CTO: The reason I am available for new placement is because I quit my previous position because my former employer was being .. Shall we say, "more optimistic" in their risk tolerance than I felt was ethical.

          Agency: That's great. Usually we just hear from some fat slob who thinks he got fired because his boss was envious of his 1500 calorie diet.

        • At a large company like Anthem, the CTO needs to be assertive. He needs to make it clear to the CEO what the options are, and what it will cost to make things secure.
        • by gweihir ( 88907 )

          Well, if upper management had real risks of suffering for them not fixing things, maybe the competent ones would cut through the crap and the incompetent ones would get weeded out fast. That would be massively better than the dysfunctional system now in place.

  • Every person NEGATIVELY affected will have more than $1.43 in damages - far mor
  • For this minuscule amount per customer exposed, they will likely happily do it all again...

    • No no, see the free market will work, customers will simply take their business elsewhere! They'll choose one of the health insurance providers that keeps their data secure!

      (this is sarcasm)
  • by sit1963nz ( 934837 ) on Sunday June 25, 2017 @04:28PM (#54688159)
    So a pirated music file is worth tens of thousands of dollars, but a persons confidential medical history is worth $1.43

    wow.....just effing wow.

    And here is the funny part, the $110 million is probably considered a tax deductible expense, so the victims are in effect paying themselves a portion of the compensation.

    Seems this is true.
    Being in power is not so you can punish the poor, its to ensure the rich don't get punished.
    • by Anonymous Coward on Sunday June 25, 2017 @05:03PM (#54688263)

      So a pirated music file is worth tens of thousands of dollars, but a persons confidential medical history is worth $1.43

      I'm actually surprised by this. Do a Google search for "cost of data breach" ... first hit is an IBM report. Take with a grain of salt, but, they claim it should be $141 per record on average.

      So, looks like Anthem got a ~99% discount somehow - it should have cost $11.2 billion.

    • by guruevi ( 827432 )

      Exactly, this information goes on the black market for ~$10/record in bulk to several $1000/record for celebrities and others. $110M over the last 2 decades and probably another decade in the future (any further hacks for the foreseeable future will just be chalked up with this) is less than the cost of hiring a decent team of IT people.

    • So a pirated music file is worth tens of thousands of dollars, but a persons confidential medical history is worth $1.43

      The major reason this is true is that a small number of cases with delusional defendants and incompetent lawyers lost big time. I'm too lazy to look up her name, but there is some lady who lost 3 times in court and every loss ended up being worse than the one before. She basically admitted in court that she shared the files in question and the last time she went she had law school students (no joke) as her lawyers. The students talked smack before the trial about how it was going to be a slam dunk to w

      • Irrelevant, that is the part about being found guilty.

        Once they have been found guilty is costs a damn sight more than $1.43 for a music file.

        The justice system is no longer blind, its seriously skewed towards benefitting the rich.
    • In every democracy, people vote to give other people power to give them what they think is free shit. People being people, they sell that power instead to the highest bidder, because those people in power want free shit. The corporations and special interests buy that power because they want free shit.

      Eventually everything ends in fire and the cycle repeats itself, as long as nobody learns their history lessons.

  • by Solandri ( 704621 ) on Sunday June 25, 2017 @04:51PM (#54688217)

    The $115 million settlement averages out to $1.43 for every person who was affected.

    Class action lawyers get about 15% of the total settlement amount. So the actual breakdown is $17.25 million to the lawyers, $1.22 for each person affected.

    • by Okian Warrior ( 537106 ) on Sunday June 25, 2017 @05:09PM (#54688291) Homepage Journal

      Reading the settlement agreement [girardgibbs.com] provides the following disbursement

      As further described in this Agreement, the Settlement Fund shall be used by the Settlement Administrator to pay for:
      (a) all reasonable Administrative Expenses;
      (b) the Taxes described in Sections 3;
      (c) Service Payments award by the Court, as described in Section 11;
      (d) attorneys’ fees and costs approved by the Court, as described in Section 12;
      (e) Credit Services as described in Section 4;
      (f) Alternative Compensation as described in Section 5;
      (g)Out-of-Pocket Costs as described in Section 6.

      So the fund also covers taxes and administrative expenses, such as putting up a website where class members can go to register to get their money.

  • by Required Snark ( 1702878 ) on Sunday June 25, 2017 @05:59PM (#54688483)
    That is their market capitalization today.

    The fine is 0.23% of their market value, and has someone else pointed out it is tax deductible. Additionally it is not a single payment, so it will be spread out over two or more years.

    This will have zero impact on the economics of the company, which means it will have zero deterrent effect on Anthem or any other busness in their sector. Or for any other business in the US, for that matter.

    It is, in short, a joke.

    • Market capitalization is only vaguely related to a company's actual value, and even less to their day-to-day cash flow, revenue and profits.
      • So what? What's your point?

        Are you being a Slashdot Pundit and pointing out something of limited relevance or are you defending them? Do you think the fine is adequate and our system for regulating incompetent corporations is working correctly? Are you trying to make another point entirely?

        You have added no value to the conversation, except to get your name posted. Even posting something overtly wrong would be better then venting something so vapid.

        Get your game together, this is Slashdot. We say outrage

        • So what? What's your point?

          The point is that if you're going to try to decide if this will hurt the company or not, you should look at either income before tax, current assets, or cash flow. Those numbers are easy to find and will give you a much more accurate picture of how much it will hurt the company. I'll even link to them for you, to make your life easier, here you go [google.com], enjoy.

  • by Ihlosi ( 895663 ) on Monday June 26, 2017 @02:27AM (#54689901)
    This is not going to hurt, so nothing will change.
    • by Jerrry ( 43027 )

      I wonder how many people would obey the speed limits if the fine was $0.25 with no points?

      Fining big corporations like Anthem will only work if the fines are in the multi billion range, not a few million, or even a hundred million.

One person's error is another person's data.

Working...