DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Settlement of yet another lawsuit against WellPoint /Anthem Blue Cross gets preliminary approval

Posted on July 18, 2011 by Dissent

If you feel like you need a scorecard to keep track of lawsuits against WellPoint or settlements involving WellPoint, it’s understandable. WellPoint recently settled a lawsuit by the Indiana Attorney General’s Office over delayed notification following a breach that occurred in 2009 and continued until after a customer notified them twice in 2010.   Then they settled a class action lawsuit over an earlier breach that occurred in 2007 and 2008. Now there’s an announcement of a preliminary approval of a settlement oF a class action lawsuit based on the 2009-210 breach:

The Orange County Superior Court (the “Court”) has preliminarily approved a class action settlement in the case entitled Blue Cross of California Website Security Cases, Case No. JCCP 4647, reached with Anthem Blue Cross of California, Anthem Blue Cross Life and Health Insurance Company, The WellPoint Companies, Inc., WellPoint California Services, Inc. and WellPoint Behavioral Health, Inc. (together called “WellPoint/Anthem Blue Cross” or the “Defendants”) in a lawsuit about the potential accessibility of certain personal and financial information contained on individual health insurance applications.  The Court also approved a notice plan to advise the nationwide class of its legal rights, benefits, and options.

The lawsuit alleges that from approximately October 23, 2009, to March 10, 2010, WellPoint/Anthem Blue Cross improperly stored personal information and electronic versions of individual health insurance applications for over 600,000 customers, enrollees or subscribers on its web-based servers without username, password and encryption protections (the “Breach”). This information included personal identifying information and personal health information, such as Social Security numbers, home and office addresses, telephone numbers, credit card numbers and financial information used for premium payments, and other information people may have provided on their health insurance applications.  The lawsuit alleges that WellPoint/Anthem Blue Cross did not adequately protect this information. WellPoint/Anthem Blue Cross denies the claims in the lawsuit. The class settlement does not mean that WellPoint/Anthem Blue Cross did anything wrong.

People included in the settlement are called a “Class” or “Class Members.”  Those who receive a notice about this settlement in the mail and/or email or received a letter from WellPoint regarding this issue between June and August 2010, have been identified as a Class Member. Specifically, the Class includes everyone in the United States, including Puerto Rico, U.S. Virgin Islands and Guam (1) whose private information was on WellPoint/Anthem Blue Cross’ Affected Servers from August 15, 2008, through March 10, 2010, or (2) who received a notification letter from WellPoint/Anthem Blue Cross regarding the alleged failure of WellPoint/Anthem Blue Cross to secure their confidential personal and private information.

Notices informing Class Members about their legal rights will be mailed and emailed directly to them in the weeks leading up to the Court’s November 14, 2011 hearing, where it will consider whether to grant final approval of the settlement.

The Court has appointed Daniel Robinson, Robinson, Calcagnie & Robinson, of Newport Beach, California as Lead Settlement Class Counsel to represent the Class.

In the settlement, Class Members may be entitled to receive, in addition to other benefits, up to two (2) years of Free Debix Credit Monitoring and Identity Theft Insurance (valued at $238.80) at no cost to them (only one (1) year if a Class Member already elected to receive one (1) year of Debix coverage).  Additionally, if a Class Member is found to be a victim of identity theft or loss stemming from the Breach, such a Class Member would be entitled to receive five (5) additional years of monitoring and insurance (valued at $597.00).  Those affected by this settlement can sign up or submit a claim for certain benefits, if eligible, or they can ask to be excluded from, or object to, the settlement.  The deadline for exclusions and objections is October 24, 2011.  The earliest deadline to file claims is September 28, 2011.

A toll-free number, 1-877-527-2354, has been established in the case, along with a website, www.AnthemBlueCrossSecuritySettlement.com, where notices, claim forms, and the settlement agreement may be obtained.  Those affected may also write to WellPoint/Blue Cross Website Security Settlement Administrator, P.O. Box 6177, Novato, CA94948-6177.

Three settlements so far over two breaches. I really do wonder if WellPoint was using the same vendor as had been involved in the 2007-2008 breach. And I wonder if the Connecticut Attorney General decided not to file its own lawsuit against them for delayed notification like Indiana’s Attorney General had. Connecticut had sent a letter of inquiry, investigating, but I never saw any follow-up one way or the other.

Related posts:

  • Settlement of yet another lawsuit against WellPoint /Anthem Blue Cross gets preliminary approval
  • Transparency #FAIL: Why won’t Anthem/Elevance Health answer a simple question about breaches?
  • Blue Cross of Idaho Notice of Privacy Breach
  • Unanswered questions for WellPoint and Congress (commentary)
Category: Health Data

Post navigation

← Toshiba confirms they were hacked; customers notified
Peeking at medical records an issue for health centers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.