Anthem didn’t have to wait long to start seeing the first consumer lawsuits around the massive cyber attack it suffered earlier this week.
At least two customers who said their data had been compromised in the hack filed potential class-action lawsuits against the second-largest health insurer in the U.S. On Thursday, just one day after Anthem (ANTM) said hackers made off with the personal information of tens of millions of its current and former customers.
The lawsuits, which could eventually be consolidated with other similar complaints in a class action, allege that Anthem did not take appropriate measures to encrypt its customers’ data prior to the hack. Both plaintiffs argue that Anthem took money from its customers with the understanding that the company would take sufficient measure to protect their personal information.
Indianapolis-based Anthem, which was known as WellPoint until last December, said Wednesday evening that it had discovered a massive data breach that potentially exposed personal information for up to 80 million people, including its nearly 40 million current customers. The data that could have been exposed includes customers’ names, social security numbers, contact information, member IDs, and even their salaries and other employment information.
On Thursday, The Wall Street Journal reported that Anthem did not encrypt customer data — including social security numbers, addresses and phone numbers — in an article that cites an anonymous source. By not scrambling that data, WSJ noted, Anthem could have made it much easier for hackers to read customers’ personal information.
The two lawsuits filed Thursday do not specifically address the Journal report, but they both allege that Anthem either failed to encrypt its data, or did not do so adequately. In her complaint filed in California, plaintiff Susan Morris noted that the data stolen from Anthem could allow hackers to perpetrate any number of forms of identity theft, from applying for credit cards to obtaining a loan under her name. “It appears that Anthem’s security system did not involve encrypting Social Security numbers and birth dates –- two of the most valuable pieces of information that a thief can have,” Morris’ complaint reads.
[Coins2Day-brightcove videoid=3862600021001]
The lawsuit filed by Danny Juliano in Alabama claims that what security procedures Anthem did have “failed to adhere to reasonable and best industry practices in safeguarding [customers’ personal information].”
The plaintiffs are suing Anthem for alleged claims ranging from breach of contract to negligence and violations of data breach laws. Both lawsuits seek various unspecified damages as well as restitution for any costs for potential identity theft.
An Anthem spokesman did not immediately respond to Coins2Day’s request for comment on the lawsuits.
Last summer, the FBI issued a warning stating that the health care industry may be targeted by hackers after a series of high-profile attacks hit other industries, including the retail and financial sectors.
Target (TGT) and Home Depot (HD) both suffered large-scale cyber attacks in recent years that compromised personal data belonging to millions of customers and, in each case, the breach resulted in a swarm of ongoing consumer lawsuits.
[Coins2Day-brightcove videoid=3857150830001]