Health insurer Anthem has today agreed to pay $115m to settle a class-action suit brought on by its 2015 cyber-theft of 78.8 million records.
The settlement fund will be used to cover damage costs incurred by people who had personal information including their names, dates of birth, addresses, and medical ID numbers stolen when, in 2015, Anthem was hit by hackers.
While credit card details and medical records were not accessed, the exposed personal information was serious enough that credit monitoring services have been given to affected customers.
Now, after two years of legal wrangling, a settlement package has been agreed on and put forward for court approval. Judge Lucy Koh will review the proposal and sign off on the deal or send it back to be re-written.
"After two years of intensive litigation and hard work by the parties, we are pleased that consumers who were affected by this data breach will be protected going forward and compensated for past losses," lead attorney Eve Cervantez said.
As is usually the case with settlements, Anthem will not have to admit to any wrongdoing.
If you were one of those hit by the intrusion, don't expect a big payout. Plenty of others will be getting their cuts first. According to the terms of the settlement, a full third of the package ($37,950,000) has been earmarked to cover attorney fees.
An additional $17m will be paid out to Experian, who is handling the credit and identity monitoring services for victims. Any taxes the government levies on the $115m payout will also be deducted from the fund itself.
After all that, people affected will be able to fill out the necessary forms to claim a share of the settlement, including coverage of out-of-pocket expenses they have incurred from the breach (but only up to $15m – beyond that no more out-of-pocket claims will be accepted).
The timeline for submitting claims will be decided after (and if) the settlement deal is approved. ®