Tag Archives: data loss

Breach Brief – Anthem Incorporated

anthemIn one of the largest data breaches in corporate history Anthem medical insurers lost the information of more than 80 million customers including the company’s CEO. The information stolen includes names, birthdays, medical IDs, Social Security numbers, street addresses, email addresses and employment information and income data.

Anthem is the second-largest health insurer in the United States. The company offers insurance plans that include Anthem Blue Cross, Anthem Blue Cross and Blue ShieldAmerigroup and Healthlink.

The company reported it has found no evidence that credit card or medical information was compromised. While damage is still being assessed, the compromised database contained up to 80 million customer records.

Anthem has promised to notify all current and former customers individually if their data has been stolen. The company began the process notifying customers of the breach as early as late Wednesday. Customers affected by the breach will receive free credit monitoring and identity protection services.

In a statement company CEO Joseph Swedish admitted that his information was also lost in the data breach. “Anthem’s own associates’ personal information, including my own, was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.”

According to the company the breach resulted from a “very sophisticated external cyber attack,” and added that law enforcement agencies were investigating to identify the perpetrator. The company has hired Mandiant, a leading cybersecurity firm, to help in the investigation.

The Federal Bureau of Investigation said that it was aware of the intrusion and was investigating the matter. 

Anthem has created a website for its current and former customers  to get information about the incident at www.AnthemFacts.com. They can also call 877-263-7995.

Game Changer; Florida Court Rules On Settlement for Data Loss

avmed-individual

In a precedent setting case a Florida Court has approved a settlement against Avmed  for a data loss.The decision was handed down by the U.S. Court of Appeals for the 11th District of Florida.

AvMed, a health insurer, had two laptop c0mputers stolen in 2009 that contained the names and personal health information of as many as 1.2 million of its customers. But only 460,000 will receive payments. The information was not encrypted. None of the consumer/plaintiffs suffered identity theft or any other direct losses. However they blamed AvMed for breach of contract and fiduciary duty, negligence and unjust enrichment. 

Courts do not normally side with the consumer in data breach cases. Most rulings have been decided on the fact that, although information was lost, no direct harm came to the consumer. At least none that could be proven and the court would not rule on future damages.  This was the first case where the plaintiffs won without evidence of actual loss.  The U.S. District Court for the Southern District of Florida originally dismissed the case.  The case was appealed and the plaintiffs won that appeal. AvMed’s second attempt at a dismissal failed forcing the $3 million settlement. Other requirement of the settlement are;

  • Mandatory security awareness and training programs for all company employees;
  • Mandatory training on appropriate laptop use and security for all company employees whose employment responsibilities include accessing information stored on company laptop computers;
  • Upgrading of all company laptop computers with additional security mechanisms, including GPS tracking technology;
  • New password protocols and full disk encryption technology on all company desktops and laptops so that electronic data stored on such devices would be encrypted at rest;
  • Physical security upgrades at company facilities and offices to further safeguard workstations from theft;
  • Review and revision of written policies and procedures to enhance information security.

This ruling is a clear precedent for future data breach cases. The decision sends the message that customers’ expect companies to protect their information and invest in data security.

Breaking It Down!

How many black people have lost data? Do you shop at Target?  How about Sally Beauty Supply? Then you have. Here is where the game changes people. If you get a letter in the mail saying someone you do business with has suffered a data breach and your information was compromised; you have a case. Get a lawyer! This decision means that precedent has been set and believe me a lot of companies will take notice. In the past they would offer you credit monitoring. Let me tell you, credit monitoring is nothing! Now a court has agreed with the consumer that data breaches have become intolerable. The key to this decision, and why it is so important, is no evidence of loss was present. In the past you had to prove some damage. This settlement has changed that.

The Florida Court of appeals has changed the legal landscape and the lawyers will be all over the next major data breach. Or any data breach. Companies that suffer data breaches will begin bleed cash and they know it. OK, $3 million isn’t much but no no company wants to be next to face a court after this decision. The courts have to consider the legal precedent set here. You, as a consumer, need to get in on the next class action lawsuit that involves a data breach. It’s money that these corporations understand and if they have to pay you when they lose data then maybe things will change. Go get ’em!