Courthouse News Service reports that a class action claim has been filed against insurance giant Aetna as a result of the recent security breach in which hackers gained access to personal information about 450,000 employees, former employees and potential employees. At the time, Aetna stated that the incident exposed the SSN of approximately 65,000 people.
The plaintiff is Corneilus Allison of Pennsylvania. Allison is a former employee of Aetna who had used the web site in January to apply for another position and was subsequently notified of the breach. Allison is represented by Sherrie Savett with Berger & Montague.
The lawsuit (pdf), which was filed in U.S. District Court for the Eastern District of Pennsylvania, alleges negligence, breach of implied contract, negligent misrepresentation, and invasion of privacy.
At the time of Aetna’s announcement of the breach, the only known misuse of the information appeared to be that some people received phishing attempts. It is not known at this time whether data were misused in any other way, and the claim does not include any information that would suggest that the plaintiff is aware of any ID theft or misuse other than the previously reported phishing attempts.
Previous class action lawsuits have generally not been successful, with courts dismissing suits against Wells Fargo, Acxiom, and Hannaford Bros. in the absence of showing of unreimbursed financial harm to plaintiffs.
Neither Allison’s attorney nor Aetna were available for comment on the lawsuit at the time of this publication.
Update: I received the following statement from Aetna spokesperson Cynthia
Michener:
Aetna did the right thing by proactively notifying people about this incident and offering free credit monitoring, even though our independent IT security consultant has not determined that any information was accessed beyond email addresses. It’s unfortunate that we’re being sued for acting with integrity and honesty.