A proposed settlement has been reached in a class action lawsuit over the 2015 cyberattack of health insurer Anthem, Inc., involving the theft of the personal information of 78.8 million people.

The $115 million settlement, if approved by the Court, will be the largest data breach settlement in history.

In early 2015, Anthem acknowledged that it had been the target of a cyberattack, in which the personal information of 78.8 million individuals was stolen, including, for many of those individuals: names, dates of birth, social security numbers, and health care ID numbers.

The proposed settlement provides for Anthem to establish a $115 million settlement fund, which will be used to

  • provide victims of the data breach at least two years of credit monitoring
  •  cover out-of-pocket expenses incurred by consumers as a result of the data breach; and
  • provide cash compensation for those consumers who are already enrolled in credit monitoring.

In addition to the monetary fund, the settlement will require Anthem to guarantee a certain level of funding for information security and to implement or maintain numerous specific changes to its data security systems, including encryption of certain information and archiving sensitive data with strict access controls.

The settlement is designed to protect class members from future risk, provide compensation, and ensure best cybersecurity practices to deter against future data breaches.

“After two years of intensive litigation and hard work by the parties, we are pleased that consumers who were affected by this data breach will be protected going forward and compensated for past losses,” said Eve Cervantez, co-lead counsel representing the plaintiffs in the Anthem litigation.