U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Anthem agreed to pay $115m to settle a class-action suit brought on by the 2015 data breach

Anthem, the largest US healthcare insurance company, has agreed to pay $115m to settle a class-action suit brought on by the 2015 data breach. Anthem, the largest US healthcare insurance company, has agreed to pay $115m to settle a class-action suit brought on by the 2015 data breach. The attack on Anthem exposed 78.8 million records and according […]

Anthem agreed to pay $115m to settle a class-action suit brought on by the 2015 data breach

Anthem, the largest US healthcare insurance company, has agreed to pay $115m to settle a class-action suit brought on by the 2015 data breach.

Anthem, the largest US healthcare insurance company, has agreed to pay $115m to settle a class-action suit brought on by the 2015 data breach.

The attack on Anthem exposed 78.8 million records and according to experts that investigated the case, it was probably not a smash-and-grab raid but instead a sustained, low-key siphoning information over a period of months.  The attack was conducted to stay below the radar of the company’s IT and security teams, using a bot infection to exfiltrate data out of the organization.

The records include names, dates of birth, addresses, and medical ID numbers, financial and medical records were not exposed.

Investigators reported that customized malware was used to infiltrate Anthem’s networks and steal data.  The exact malware type was not disclosed but is reported to be a variant of a known family of hacking tools.  However, an independent security consultancy reports that the attack may have been started up to three months earlier.  The consultancy said that it noticed ‘botnet type activity’ at Anthem affiliate companies back in November 2014.

Back to the present, the settlement fund will cover costs incurred by victims of the breach.

According to the settlement’s “Alternative Compensation” section, customers who already received credit monitoring services can elect to receive a small cash compensation that ranges from $36 up to $50 in some instances.

The Judge Lucy Koh at District Court for the Northern District of California will review the proposal, it could be the largest data breach settlement in history if approved by the judge.

In March 2017, the US retail giant Target has entered a settlement with the US Attorneys General and it has agreed to pay $18.5 million over the 2013 data breach.

“After two years of intensive litigation and hard work by the parties, we are pleased that consumers who were affected by this data breach will be protected going forward and compensated for past losses,” lead attorney Eve Cervantez said.

Anthem Insurance-HQ-jpg

As is usually the case with settlements, Anthem will not have to admit to any wrongdoing.

The settlement was also generous with attorneys, a third of the package for a total amount of $37,950,000 will cover their fees.

Experian, who is handling the credit and identity monitoring services for the victims of the Anthem data breach, will receive an additional $17m.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  Anthem, Data Breach)

[adrotate banner=”13″]