Holy crap, that is a huge friggin' payout.
Health insurance giant Anthem Inc. will cough up $US115 ($152) million to end a court battle over a 2015 data breach that exposed the sensitive information of nearly 80 million Americans. That's a new record, for those of you keeping count. (Target, for example, settled for a measly $US18.5 ($24) million last month after a breach exposed the payment cards of 41 million customers.)
May that figure serve as a warning to other companies that think security isn't worth the investment. Americans are sick and tired of constantly getting notices about how their social security numbers and credit cards have been compromised. Sure, the company has agreed to pay for credit monitoring for the millions of people affected by the breach — but as anyone whose house has ever burned down can tell you, insurance is not a magic wand. Hire a damn security professional and, for chrissakes, pay them more than the guy who shows up to refill your vending machines.
Whew. Anyway, moving on...
Anthem has also agreed to guarantee "a certain level of funding for information security and to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls," according to Cyberscoop. No doubt doing so prior to 2015 would have saved both the company and its customers a whole mess of grief.
Most of the money will pay for the aforementioned credit monitoring, although roughly $US38 ($50) million will go toward attorneys' fees, so at least someone other than dark net criminals will profit from this catastrophe. Victims already enrolled in a credit monitoring service (because, let's face it, who isn't at this point) may opt to receive a check instead — probably somewhere in the neighbourhood of $US50 ($66).
As part of the settlement, Anthem will not formally recognise any wrongdoing on its part, which is pretty standard in these types of deals. The terms, however, still have to be approved by the San Jose judge presiding over the case, which represents an amalgamation of more than 100 lawsuits brought against Anthem since the breach.
While the Anthem incident was allegedly a hack that didn't involve any medical records or credit card details, approximately 79 million people had their personal information compromised, including names, addresses, birthdates, and social security numbers. But at least Anthem learned a lesson. Hopefully, others will too.