Anthem subsidiaries facing Missouri lawsuit over recent data breach
A Missouri lawsuit seeking class-action status accuses three insurance agencies of failing to safeguard sensitive consumer data from hackers who recently breached health insurer Anthem Inc.'s computer networks.
A lawsuit first filed in February in St. Louis County on behalf of a Richmond, Missouri, woman was amended Tuesday to add three plaintiffs who allege personal data stolen during the breach in December or January is responsible for fraudulent tax returns filed in their name, costing them a combined $6,753 in refunds.
The Missouri suit alleges that compromised Anthem database information including names, employment details and Social Security numbers of nearly 100 million consumers "is now in the hands of thieves." The 10-count lawsuit, seeking unspecified damages, estimates that 1.5 million Missourians could be part of the lawsuit, if a judge signs off on the litigation as a class action.
The defendants' failure to ward off hackers, the lawsuit claims, "has carved a wide tail of substantial customer harm and injuries to consumers across the United States," and "further instances of identity theft are certainly impending and imminent."
Anthem, the nation's second-biggest health insurance provider, said in an emailed statement Tuesday to The Associated Press that it has no evidence that the hackers shared or sold any of the data involving its current or past customers, or that fraud has occurred against its members. Anthem, which declined to specifically discuss the Missouri lawsuit, added that it is offering free credit monitoring, special identity-protection services for insured children and help from investigators in tracking down fraud to people who may be affected.
Anthem, which recently changed its name from WellPoint, runs Blue Cross Blue Shield plans in more than a dozen states, including California, New York and Ohio. Lawsuits similar to the Missouri one that names Anthem subsidiaries RightChoice Managed Care Inc., HMO Missouri Inc. and Healthy Alliance Life Insurance Company Inc. have been filed in other states, including neighboring Kansas.
Anthem, which has said all of its product lines were affected by the breach, sells mainly private individual and group health insurance, plans on the health care overhaul's public insurance exchanges and Medicare and Medicaid coverage. It also offers life insurance and dental and vision coverage.
This wasn't Anthem's first security breach.
In 2013, the insurer agreed to pay $1.7 million to resolve allegations it left the information of more than 612,000 members available online because of inadequate safeguards. The U.S. Department of Health and Human Services said that security weaknesses in an online application database left names, birthdates, addresses, telephone numbers, Social Security numbers, and health data accessible to unauthorized users.