WellPoint reaches preliminary settlement on possible data breach affecting 600,000

Under the settlement, WellPoint agreed to offer credit monitoring services for two years to all affected individuals, according to a report by amednews.com.

The company agreed to reimburse affected individuals up to $50,000 for any identity theft losses; individuals have until May 31, 2016, to file an identity theft loss claim. The company also agreed to donate a total of $250,000 to two nonprofit organizations whose efforts are directed at protecting consumers' privacy on the Internet, according to the report.

The situation came to light when an applicant to WellPoint-owned Anthem Blue Cross of California sued the company in March 2010, according to a report by amednews.com. The applicant said he was able to manipulate the web address within the site and gain access to other applicants’ information, including names, addresses, dates of birth, social security numbers, and health and financial information.

When the class-action lawsuit was filed, the company said an upgrade to its system caused the information to be exposed. A third-party vendor had said that security measures were in place, when if fact they were not.

A hearing is scheduled for November at which time the court will decide whether to approve the settlement, the report noted.

Last month, WellPoint agreed to pay $100,000 in fines for delaying notification to 32,000 Indiana customers affected by a possible data breach in a settlement with the Indiana Attorney General.

What’s Hot on Infosecurity Magazine?