ATLANTA — Georgia will receive more than $1.3 million from a multi-state legal settlement with Anthem stemming from a 2014 data breach that compromised the personal information of 78.8 million Americans.
In February 2015, Anthem revealed that cyber attackers had infiltrated its systems beginning the previous February, using malware installed through a phishing email. The culprits ultimately were able to access Anthem’s data warehouse, where they harvested victims’ names, birth dates, Social Security numbers, health-care identification numbers, home addresses, email addresses, phone numbers and employment information. More than 3.7 million Georgians were affected.
“We considered many factors before joining this investigation,” Georgia Attorney General Chris Carr said. “It is important to remember that in a world where cybersecurity threats are evolving, so too must our efforts to combat them.”
Georgia and 42 other states participated in the settlement, while totaled $39.5 million.
Under the settlement, Anthem has agreed not to misrepresent the extent to which the company protects the privacy and security of personal information. Anthem also will implement a comprehensive information security program, including specific security requirements with respect to segmentation, logging and monitoring, anti-virus maintenance and access controls.
“We believe Anthem is being an amicable partner in correcting this situation by taking the necessary measures to address the issue at hand,” Carr said.
In the immediate aftermath of the data breach, Anthem offered an initial two years of credit monitoring to all affected Americans.
Prior to the multi-state settlement, the company reached a class-action agreement that established a $115 million settlement fund to pay for additional credit monitoring, cash payments of up to $50 and reimbursement for out-of-pocket losses sustained by affected consumers.