The largest settlement for a data breach is about to be paid out. Health insurance company Anthem will hand over US$ 115 million (£90,231,000) to reimburse customers whose data was stolen in 2015.
Anthem was hit in 2015 and nearly 80 million customer records were stolen when hackers accessed the social security numbers, emails, addresses and whole host of other personally identifiable information.
As the US' second largest health insurance company, Anthem was storing the records of tens of millions at the time of the breach across a variety of brands including Anthem Blue Cross, Amerigroup, Caremore, Unicare and DeCare among others. Scores of lawsuits were brought against its various brands and this settlement represents the combined efforts of over 100 lawsuits.
After two years of litigation, the parties have finally come to a settlement, which is still to be approved by presiding Judge Lucy Koh.
On an individual basis, this is not exactly a payday bonanza for the victims of the breach. The damages will mostly pay for credit monitoring services, which victims may forgo for US$ 50 (£39.20) in cash.
A third of the settlement, 38 million will be going towards attorney's fees and the US government may also levy tax on the sum too.
Though Anthem will be paying out the record amount, the settlement emphasises that this payment is in no way an admission of guilt.
Data breach settlements have often been low, if won at all. The nature of the cyber-crime that results from such mega breaches is often hard to quantify. In many cases, plaintiffs argue that though the exposure of their data has not yet been exploited by cyber-criminals it could or will result in exploitation. Their damage claims are often nullified by relatively inexpensive offers of credit monitoring services by the breached body.
There has not yet been any proof that the stolen information has been sold or used; it has been theorised that the breach was not financially motivated. The California department of insurance said earlier in the year that it believes the Anthem breach to be the work of a “foreign government.”