(Boise) – Attorney General Lawrence Wasden today announced Idaho’s participation in a $39.5 million multistate settlement with health insurance provider Anthem, Inc. The 43-state settlement stems from Anthem’s 2014 data breach that exposed the personal information of 78.8 million Americans. The settlement requires Anthem to implement data security and good governance provisions that will better protect consumers’ personal information.

In February 2015, Anthem disclosed that cyber attackers had infiltrated its systems beginning in February 2014, using malware installed through a phishing email. The attackers accessed Anthem’s data warehouse and harvested consumers’ names, dates of birth, Social Security numbers, healthcare identification numbers, home addresses, email addresses, phone numbers, and employment information. In Idaho, more than 100,000 residents were affected by the breach.

Under the settlement, Anthem has agreed to a series of provisions to strengthen its security practices going forward. Anthem will also pay the Office of the Attorney General $175,618 for attorney’s fees and investigative costs.

“The protection of Idahoans’ personal information is of paramount importance to my office,” Wasden said. “This settlement illustrates my commitment to holding companies accountable for security breaches that result in the loss of consumers’ private data.”

The new settlement follows a previous class action settlement in 2017 that established a $115 million fund to pay for additional credit monitoring, cash payments and reimbursement for out-of-pocket losses for affected consumers. The deadlines for consumers to submit claims under that settlement have since passed.

###