Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anthem To Pay $115 Million In The Largest Data Breach Settlement Ever (cnet.com)

Posted by EditorDavid on from the seeing-you-in-court dept.

An anonymous reader quotes CNET: Anthem, the largest health insurance company in the U.S., has agreed to settle a class action lawsuit over a 2015 data breach for a record $115 million, according to lawyers for the plaintiffs. The settlement still has to be approved by US District Court Judge Lucy Koh, who is scheduled to hear the case on August 17 in San Jose, California. And Anthem, which didn't immediately respond to a request for confirmation and comment, isn't admitting any admitting any wrongdoing, according to a statement it made to CyberScoop acknowledging the settlement.

But if approved, it would be the largest data breach settlement in history, according to the plaintiffs' lawyers, who announced the agreement Friday. The funds would be used to provide victims of the data breach at least two years of credit monitoring and to reimburse customers for breach-related expenses. The settlement would also guarantee a certain level of funding for "information security to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls," the plaintiff attorneys said.
The breach compromised data for 80 million people, including their social security numbers, birthdays, street addresses (and email addresses) as well as income data. The $115 million settlement averages out to $1.43 for every person who was affected.

30 of 56 comments (clear)

  1. Credit monitoring? by Anonymous Coward · · Score: 2, Insightful

    They courts still haven't figured out a legitimate way to compensate or help affected individuals if they're still just trying to fund credit monitoring.
    Companies with breaches like this should face real, tangible consequences. :-/

    1. Re:Credit monitoring? by gweihir · · Score: 2

      Prison time for those responsible in management, up to and including the CEO. Before that happens, nothing will change.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Credit monitoring? by ShanghaiBill · · Score: 1, Insightful

      Prison time for those responsible in management, up to and including the CEO.

      This kind of idiotic attitude is why America spends $100 Billion per year on prisons, nearly as much as the rest of the world combined. No, people should not go to prison for incompetence.

    3. Re: Credit monitoring? by Anonymous Coward · · Score: 1

      Yes they should. Incompetent doctor kills every patient they work on? Should they go to prison? Why should it be any different for corporate personhood?

    4. Re:Credit monitoring? by godel_56 · · Score: 1

      Prison time for those responsible in management, up to and including the CEO.

      This kind of idiotic attitude is why America spends $100 Billion per year on prisons, nearly as much as the rest of the world combined. No, people should not go to prison for incompetence.

      While the US does put way too many people in prison, this is not one of those cases. For those in power at the company, these fines are no punishment at all. The company is probably insured and any shortfall will be covered by shareholders, while the CEOs etc. will carry on getting the same or increased salaries and bonuses as usual, and the company's articles may make it almost impossible to vote them out (Mylan).

      Only the possibility of real PERSONAL penalties that they can't insure against or just claim as a tax loss will serve to "concentrate the minds" of those in charge.

    5. Re:Credit monitoring? by Anonymous Coward · · Score: 1

      While I appreciate the instinct to blame all of upper management, it is usually tricky to determine actual fault. For example, I've personally had a conversation such as this:

      CTO: Our PCI auditors have found significant vulnerabilities in our infrastructure. We need to buy some new devices, they will cost $XX
      CEO: Get some new auditors.
      CTO: Honestly, I think I agree with them, and I'm worried about a data breach.
      CEO: But we have firewalls right?
      CTO: That's not the point, there are many other points of weakness that have nothing to do with firewalls.
      CEO: OK you need to shore this up with better procedures. You're in charge, keep me updated on your progress.
      CTO: Um, maybe my team could implement a stop-gap solution, but I'm under staffed and would have to discontinue coverage in some other area
      CEO: You're saying you can't handle this responsibility, maybe we need to transfer these responsibilities to [other manager]
      CTO: He knows nothing about infosec and doesn't even comprehend these issues
      CEO: Well if you're the best man for the job, better get going
      CTO: Sigh...

    6. Re: Credit monitoring? by Anonymous Coward · · Score: 1

      ...
      CTO: The reason I am available for new placement is because I quit my previous position because my former employer was being .. Shall we say, "more optimistic" in their risk tolerance than I felt was ethical.

      Agency: That's great. Usually we just hear from some fat slob who thinks he got fired because his boss was envious of his 1500 calorie diet.

    7. Re:Credit monitoring? by phantomfive · · Score: 1

      At a large company like Anthem, the CTO needs to be assertive. He needs to make it clear to the CEO what the options are, and what it will cost to make things secure.

      --
      "First they came for the slanderers and i said nothing."
    8. Re:Credit monitoring? by gweihir · · Score: 1

      I disagree. Top management should most definitely go to prison for gross incompetence or intent. And, quite frankly, it can only be one of the two if the screw-up is so extreme. If there are just fines, the C-level executives responsible will not even feel them. That is the reason why prison-time is required here. I do agree that the US is imprisoning far to many people, but these here cannot be impressed any other way, because they cannot simply buy their way out of that.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    9. Re:Credit monitoring? by gweihir · · Score: 1

      And that is exactly the point.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    10. Re:Credit monitoring? by gweihir · · Score: 1

      Well, if upper management had real risks of suffering for them not fixing things, maybe the competent ones would cut through the crap and the incompetent ones would get weeded out fast. That would be massively better than the dysfunctional system now in place.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    11. Re:Credit monitoring? by unrtst · · Score: 1

      Start sending the CEO's/CTO's/etc to prison when stuff like this happens, and I assure you that their prisons will start looking a lot nicer. Repeat and spread them out to improve all our prisons.

  2. $1.43 for every person who was affected. by charliemerritt03 · · Score: 1

    Every person NEGATIVELY affected will have more than $1.43 in damages - far mor

  3. No prison time? They got away cheap! by gweihir · · Score: 1

    For this minuscule amount per customer exposed, they will likely happily do it all again...

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:No prison time? They got away cheap! by interkin3tic · · Score: 1

      No no, see the free market will work, customers will simply take their business elsewhere! They'll choose one of the health insurance providers that keeps their data secure!

      (this is sarcasm)

  4. WOW...Are you kidding ????? by sit1963nz · · Score: 4, Insightful

    So a pirated music file is worth tens of thousands of dollars, but a persons confidential medical history is worth $1.43

    wow.....just effing wow.

    And here is the funny part, the $110 million is probably considered a tax deductible expense, so the victims are in effect paying themselves a portion of the compensation.

    Seems this is true.
    Being in power is not so you can punish the poor, its to ensure the rich don't get punished.

    1. Re:WOW...Are you kidding ????? by Anonymous Coward · · Score: 5, Informative

      So a pirated music file is worth tens of thousands of dollars, but a persons confidential medical history is worth $1.43

      I'm actually surprised by this. Do a Google search for "cost of data breach" ... first hit is an IBM report. Take with a grain of salt, but, they claim it should be $141 per record on average.

      So, looks like Anthem got a ~99% discount somehow - it should have cost $11.2 billion.

    2. Re:WOW...Are you kidding ????? by guruevi · · Score: 1

      Exactly, this information goes on the black market for ~$10/record in bulk to several $1000/record for celebrities and others. $110M over the last 2 decades and probably another decade in the future (any further hacks for the foreseeable future will just be chalked up with this) is less than the cost of hiring a decent team of IT people.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    3. Re:WOW...Are you kidding ????? by Zontar_Thing_From_Ve · · Score: 1

      So a pirated music file is worth tens of thousands of dollars, but a persons confidential medical history is worth $1.43

      The major reason this is true is that a small number of cases with delusional defendants and incompetent lawyers lost big time. I'm too lazy to look up her name, but there is some lady who lost 3 times in court and every loss ended up being worse than the one before. She basically admitted in court that she shared the files in question and the last time she went she had law school students (no joke) as her lawyers. The students talked smack before the trial about how it was going to be a slam dunk to win it and they got her her worst loss ever. The cases I've known where defendants won was when they had good lawyers and they denied personally sharing the files in question. One case involved a guy who ran a home for senior citizens and his lawyers showed that the wifi there wasn't secured and the plaintiffs couldn't explicitly prove that he and only he could be responsible for the files being shared. Ever major loss I've ever read about involved defendants who admitted that they shared the files, refused to settle the case outside of court for a fraction of what they ended up paying with a loss in court, and basically seemed to think they would win in court simply because ... magic.

    4. Re:WOW...Are you kidding ????? by sit1963nz · · Score: 1

      Irrelevant, that is the part about being found guilty.

      Once they have been found guilty is costs a damn sight more than $1.43 for a music file.

      The justice system is no longer blind, its seriously skewed towards benefitting the rich.

    5. Re:WOW...Are you kidding ????? by bill_mcgonigle · · Score: 1

      In every democracy, people vote to give other people power to give them what they think is free shit. People being people, they sell that power instead to the highest bidder, because those people in power want free shit. The corporations and special interests buy that power because they want free shit.

      Eventually everything ends in fire and the cycle repeats itself, as long as nobody learns their history lessons.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  5. Correction by Solandri · · Score: 2

    The $115 million settlement averages out to $1.43 for every person who was affected.

    Class action lawyers get about 15% of the total settlement amount. So the actual breakdown is $17.25 million to the lawyers, $1.22 for each person affected.

  6. And administrative fees by Okian+Warrior · · Score: 3, Informative

    Reading the settlement agreement provides the following disbursement

    As further described in this Agreement, the Settlement Fund shall be used by the Settlement Administrator to pay for:
    (a) all reasonable Administrative Expenses;
    (b) the Taxes described in Sections 3;
    (c) Service Payments award by the Court, as described in Section 11;
    (d) attorneys’ fees and costs approved by the Court, as described in Section 12;
    (e) Credit Services as described in Section 4;
    (f) Alternative Compensation as described in Section 5;
    (g)Out-of-Pocket Costs as described in Section 6.

    So the fund also covers taxes and administrative expenses, such as putting up a website where class members can go to register to get their money.

  7. Anthem is worth $50.39 Billion as of June 25 2017 by Required+Snark · · Score: 3, Informative
    That is their market capitalization today.

    The fine is 0.23% of their market value, and has someone else pointed out it is tax deductible. Additionally it is not a single payment, so it will be spread out over two or more years.

    This will have zero impact on the economics of the company, which means it will have zero deterrent effect on Anthem or any other busness in their sector. Or for any other business in the US, for that matter.

    It is, in short, a joke.

    --
    Why is Snark Required?
  8. Re:Anthem is worth $50.39 Billion as of June 25 20 by phantomfive · · Score: 1

    Market capitalization is only vaguely related to a company's actual value, and even less to their day-to-day cash flow, revenue and profits.

    --
    "First they came for the slanderers and i said nothing."
  9. Re: $1.43? Unlikely. by James_Duncan8181 · · Score: 1

    This community - and you - are really quite disgustingly prejudiced.

    --
    "To any truly impartial person, it would be obvious that I am right."
  10. Ridiculously paltry sum. by Ihlosi · · Score: 2

    This is not going to hurt, so nothing will change.

    1. Re:Ridiculously paltry sum. by Jerrry · · Score: 1

      I wonder how many people would obey the speed limits if the fine was $0.25 with no points?

      Fining big corporations like Anthem will only work if the fines are in the multi billion range, not a few million, or even a hundred million.

  11. Re:Anthem is worth $50.39 Billion as of June 25 20 by Required+Snark · · Score: 1
    So what? What's your point?

    Are you being a Slashdot Pundit and pointing out something of limited relevance or are you defending them? Do you think the fine is adequate and our system for regulating incompetent corporations is working correctly? Are you trying to make another point entirely?

    You have added no value to the conversation, except to get your name posted. Even posting something overtly wrong would be better then venting something so vapid.

    Get your game together, this is Slashdot. We say outrageous things and engage in verbal knife fights. For example, if Slashdot was a ride at the county fair your would not be allowed on because you are too short to hang with adults; go over to the petting zoo with the baby farm animals, it's more your speed. That, or something more cutting is where you should be, not this pseudo-intellectual crap.

    --
    Why is Snark Required?
  12. Re:Anthem is worth $50.39 Billion as of June 25 20 by phantomfive · · Score: 1

    So what? What's your point?

    The point is that if you're going to try to decide if this will hurt the company or not, you should look at either income before tax, current assets, or cash flow. Those numbers are easy to find and will give you a much more accurate picture of how much it will hurt the company. I'll even link to them for you, to make your life easier, here you go, enjoy.

    --
    "First they came for the slanderers and i said nothing."