A Court authorized the notice because you have a right to know how the proposed Settlement may affect your rights. The notice explains the nature of the litigation, the general terms of the proposed Settlement and what it may mean to you. The notice also explains the ways you may participate in, or exclude yourself from, the Settlement.
In February 2015, Anthem announced that it had been the subject of a cyberattack which resulted in the theft of information stored in Anthem’s databases concerning approximately 79 million people (the “Data Breach”). The information taken in this Data Breach may have included names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, and employment information, including income data.
The lawsuit was brought on behalf of the individuals impacted by the Data Breach against Anthem, its subsidiaries and affiliates, and certain Blue Cross and Blue Shield companies who had members with data stored on Anthem’s databases that was taken in the Data Breach, even though they were not Anthem members. The Plaintiffs claim that Defendants failed to adequately protect their personal information and that they were injured as a result. Defendants deny any wrongdoing, and no court or other entity has made any judgment or other determination of any wrongdoing or that the law has been violated. The current, most recent, complaint filed in this litigation, which describes the specific legal claims alleged by the Plaintiffs, each individual Defendant named in the lawsuit, and the relief sought in litigation, is available on this website.
The Defendants are Anthem Inc., its subsidiaries and affiliates, and certain Blue Cross and Blue Shield companies that are not Anthem affiliates. There are many of these entities named in this litigation because of its nationwide scope, and because Anthem has numerous state-specific entities. Anthem is one of the largest health benefits and health insurance companies in the United States. Anthem serves its medical members through fourteen Blue Cross Blue Shield entities, as well as numerous non-Blue Cross Blue Shield entities, such as Amerigroup Corporation, CareMore Health Group, Inc., HealthLink, and UniCare. Here is the full list of Anthem, Inc. affiliated health plans that are Defendants in this case:
Blue Cross and Blue Shield of Georgia, Inc.; Blue Cross Blue Shield Healthcare Plan of Georgia, Inc.; Anthem Insurance Companies, Inc.; Blue Cross of California; Anthem Blue Cross Life and Health Insurance Company; Rocky Mountain Hospital and Medical Service, Inc.; Anthem Health Plans, Inc.; Anthem Health Plans of Kentucky, Inc.; Anthem Health Plans of Maine, Inc.; HMO Missouri, Inc.; RightCHOICE Managed Care, Inc.; Healthy Alliance Life Insurance Company; Anthem Health Plans of New Hampshire, Inc.; Empire HealthChoice Assurance, Inc.; Community Insurance Company; Anthem Health Plans of Virginia, Inc.; HealthKeepers, Inc.; Blue Cross Blue Shield of Wisconsin; Compcare Health Services Insurance Corporation; Amerigroup Corporation; Amerigroup Services, Inc.; Amerigroup Kansas, Inc.; Amerigroup Washington, Inc.; HealthLink, Inc.; UniCare Life & Health Insurance Company; CareMore Health Plan; The Anthem Companies, Inc.; and The Anthem Companies of California, Inc.
The Defendants also include The Blue Cross and Blue Shield Association and Blue Cross and/or Blue Shield licensees who had members with data stored on the Anthem database that was taken in the cyberattack, including: Blue Cross and Blue Shield of Alabama; USAble Mutual Insurance Company, d/b/a Arkansas Blue Cross and Blue Shield; California Physicians’ Service d/b/a Blue Shield of California; Blue Cross and Blue Shield of Florida, Inc. d/b/a Florida Blue; CareFirst of Maryland, Inc.; Blue Cross and Blue Shield of Massachusetts, Inc.; Blue Cross and Blue Shield of Michigan; BCBSM, Inc. d/b/a Blue Cross and Blue Shield of Minnesota; Horizon Healthcare Services, Inc.; Blue Cross and Blue Shield of North Carolina; Highmark Inc. f/k/a Highmark Health Services; Blue Cross and Blue Shield of Vermont; and Health Care Service Corporation, a Mutual Legal Reserve Company.
Even if you have not filed your own lawsuit against Defendants regarding the Data Breach, you can obtain the benefits provided by this Settlement because the litigation is proceeding as a class action.
In a class action, one or more people file a lawsuit to assert legal claims on behalf of themselves and other persons who have experienced the same or similar circumstances. Here, the more than 100 people who named themselves as Plaintiffs in the consolidated class action complaint against Defendants will serve as “Settlement Class Representatives” to represent not only their personal interests, but the interests of all the Settlement Class Members. Because this is a class action, even persons who did not file their own lawsuit can obtain relief from harm that may have been caused by the Data Breach.
Settlements avoid the costs and uncertainty of a trial and related appeals, while providing benefits to Settlement Class Members when the Settlement becomes final. The Court has not decided in favor of Plaintiffs or Defendants. Instead, both sides agreed to a settlement. Settlement Class Representatives and the attorneys for the Settlement Class (“Class Counsel,” see Question 7) believe that the Settlement is in the best interests of the Settlement Class Members.
You are a Settlement Class Member, and you are affected by this Settlement, if:
However, the following entities and individuals are not Settlement Class Members:
If you received a postcard Notice of this Settlement, you have been identified by the Settlement Administrator as a Settlement Class Member.
If you are not sure whether or not you are a settlement class member, you can still file a claim here. It is not necessary to determine if you are a settlement class member before filing a claim. The Settlement Administrator will determine whether you are a class member in the course of reviewing your claim. You may also go here to see whether or not you are a Settlement Class Member.
Yes. The Court appointed as “Class Counsel” Eve Cervantez of Altshuler Berzon LLP; Andrew N. Friedman of Cohen Milstein Sellers & Toll PLLC; Michael W. Sobol of Lieff Cabraser Heimann & Bernstein LLP; and Eric Gibbs of Girard Gibbs LLP to represent you and the other Settlement Class Members. If you want to be represented by your own lawyer, you may hire one at your own expense.
The Court approved payment to Class Counsel of $ 33,187,068.59 from the Settlement Fund, to pay attorneys’ fees and reimbursement of expenses, and to establish a cost reserve for certain future expenses.
The Court also approved Service Payments of $597,500 in total to compensate the Settlement Class Representatives. The 29 Settlement Class Representatives whose personal devices were forensically imaged and examined as part of discovery in this lawsuit will be compensated $7,500 each. The other 76 Settlement Class Representatives who participated in discovery about their claims and/or about their minor child(ren)’s claims will be compensated $5,000 each.
The Settlement provides the following benefits to Settlement Class Members:
Settlement Benefit: Data Security Practice Changes and Commitments by Anthem
Anthem will enhance its information security practices to help protect the personal information stored on its databases from another cyberattack. This will include archiving databases with strict access controls and monitoring requirements, strengthening various data security controls, encrypting certain information, and guaranteeing a specified level of funding for Anthem’s information security.
Anthem will maintain the specific practice changes agreed to in the Settlement for at least three years from the date the Court gives Final Approval to the Settlement. An independent consultant will monitor Anthem’s compliance with these business practice commitments, and the consultant will provide an assessment of Anthem’s compliance to Class Counsel annually, after the Settlement becomes final.
Settlement Benefit: Free Credit Monitoring Services
The deadline to submit a claim for Free Credit Monitoring Services has passed. New Credit Services Claims will not be processed. Settlement Class Members may still file claims for Out-of-Pocket costs until August 16, 2019, by clicking here.
If you elected to receive Credit Monitoring Services and submitted a valid and timely claim form , instructions for receiving these services will be sent to you via email, or, if you did not provide an email address, via U.S. Mail. If you submitted a timely claim for credit services but did not receive settlement benefits by December 14, 2018, you may call 1-877-703-0745 for more information.
The Settlement provides a way to protect yourself from unauthorized use of your personal information.
Credit Monitoring Services will be provided for an initial period of two years. Credit Monitoring Services may be automatically extended to Settlement Class Members for a period longer than two years if there are sufficient funds left in the Settlement Fund. More detail about how Credit Monitoring Services could be extended longer than two years is available in Question 19.
Credit Monitoring Services are being provided by Experian. The features of these Credit Monitoring Services include:
Experian has established an informational Internet web page for the Credit Monitoring Services being offered through this Settlement which can be found at: www.experianidworks.com/anthem
Settlement Benefit: Cash Payment As An Alternative to Free Credit Monitoring Services
The deadline to submit a claim for Alternative Compensation has passed. New Alternative Compensation Claims will not be processed. Settlement Class Members may still file claims for Out-of-Pocket costs until August 16, 2019, by clicking here.
If you do not need identity theft and fraud protection from the Settlement because you already have credit monitoring or protection services and you certified that you will keep them until at least October 30, 2018, the Settlement offered a cash payment instead of additional credit monitoring, by filing an Alternative Compensation Claim.
If you elected to receive cash compensation in lieu of credit services and submitted a valid and timely claim form , a check for $50 will be sent by U.S. mail to the mailing address you provided with your claim (or via Paypal if you provided an email address and requested electronic payment). If you submitted a timely claim for alternative compensation but did not receive settlement benefits by December 14, 2018, you may call 1-877-703-0745 for more information.
Settlement Benefit: Fraud Resolution Services
Recovering from fraud or identity theft is a time-consuming, costly affair for anyone going through it alone. Whether or not you make a claim, the Settlement provides help if it happens to you.
All Settlement Class Members are eligible to receive access to Fraud Resolution Services through Experian. Fraud Resolution Specialists will be available by telephone, email, and mail to help you with important but time-consuming tasks such as placing fraud alerts with the credit bureaus, disputing inaccurate information on your credit reports, scheduling calls with creditors and other service providers, and working with law enforcement and government agencies to dispute fraudulent information. More details about Experian’s Fraud Resolution Services for Settlement Class Members are available at www.experianidworks.com/anthem.
All Settlement Class Members may access Fraud Resolution Services, even if you never made a claim from this Settlement, by providing the Engagement Number for the Settlement (available here) to the Fraud Resolution Specialists at Experian. Once you have obtained the Engagement Number (by clicking here), you may call Experian toll free at (866) 579-2216 to reach a Fraud Resolution Specialist.
Settlement Benefit: Reimbursement for Out-of-Pocket Losses
If you spent time or money to address fraud or identity theft that you believe was related to the Data Breach, or to protect yourself from future harm, then you may make a documented claim for reimbursement. The Settlement reserves a fund of $15 million to pay all valid Out-of-Pocket Costs Claims of all Settlement Class Members, and each individual claim may not exceed $10,000. Additionally, money remaining in the Settlement Fund after at least four years of Credit Monitoring Services have been provided will also be used to pay claims for reimbursement of Out of Pocket Losses.
Claims received on or before the Effective Date will be processed together. The Effective Date was October 25, 2018. If the total amount of all approved claims received on or before the Effective Date exceeds $15 million plus any reserve after payment for four full years of credit monitoring services, then approved claims will not be paid in full. Instead, the amount of each claim will be reduced proportionally (by a percentage) until the total amount of all approved claims is equal to the amount remaining for out of pocket loss compensation.
After the Effective Date, claims will be processed in the order they are received, on a first-come first-served basis, until August 16, 2019. Once the Out of Pocket Costs reserve of $15 million plus additional funds remaining after provision of four years of credit monitoring has been provided is exhausted, no more claims for Out-Of-Pocket Costs will be paid.
Out-of-Pocket Losses that are eligible for reimbursement through the Settlement include the following costs incurred after January 2015:
This list provides examples only, and other losses or costs due to the Data Breach may also be eligible for reimbursement. YOU MUST BE ABLE TO DOCUMENT YOUR CLAIM.
The Settlement Administrator has the sole authority to determine the validity of claims for Out-Of-Pocket Costs. Only valid and timely claims will be paid, and only in the amount for which they are approved by the Settlement Administrator.
The deadline to file an Out-of-Pocket Costs Claim is August 16, 2019. Out-of-Pocket Costs Claims received after the Out of Pocket Reserve has been exhausted will be denied.
The deadline to submit a claim for Alternative Compensation or Credit Monitoring Services has passed. New Alternative Compensation Claims and Credit Monitoring Services Claims will not be processed. Settlement Class Members may still file claims for Out-of-Pocket costs until August 16, 2019, by clicking here.
To file a claim for reimbursement of expenses or up to ten hours of time you believe you lost due to the Data Breach, you need to file an Out-of-Pocket Costs Claim form and submit documentation and an attestation regarding the costs and losses that you incurred. There are two options for filing claims:
The deadline to file an Out-of-Pocket Costs Claim is one year after the Final Approval Date (this is the last day to file online and postmark deadline for mailed claims), and the Final Approval Date is estimated to be on or around February 1, 2018. However, claims received by the Effective Date will receive priority. The earliest possible Effective Date is March 5, 2018.
Instructions for filing out an Out-of-Pocket Costs Claim form are included on that form. You may file a claim for Reimbursement of Out-of-Pocket Costs in addition to filing a separate claim for Credit Monitoring Services or Alternative Compensation.
The deadline to submit a claim for Credit Services or Alternative Compensation was July 19, 2018. Those benefits will be distributed, by December 1, 2018, to Settlement Class Members who submitted timely and valid claim forms.
If you chose to receive Credit Services by checking the “Credit Services” box on your valid and timely claim form, instructions to activate those services will be sent to you by email. If you did not provide an email address with your claim, instructions will be sent by U.S. mail to the mailing address you provided on your claim form.
If you chose to receive Alternative Compensation instead of Credit Services, a payment for $50 will be sent to you via PayPal, if you filed your claim electronically and chose PayPal on your valid and timely claim form. If you did not choose PayPal on your claim form, a check for $50 will be sent by U.S. mail to the mailing address you provided with your claim.
If you timely submitted your claim for credit monitoring services or alternative compensation, but you have not received instructions to activate your credit monitoring, or a check for $50 by December 14, 2018, you may call 1-877-703-0745 for more information.
If, after you submit a claim form, you change your mailing address or email address, it is your responsibility to inform the Settlement Administrator of your updated information. Notify the Settlement Administrator of any changes to your mailing address or email address by writing:
In re Anthem, Inc. Data Breach Litigation
P.O. Box 404012
Louisville, KY 40233-9821
None of the money in the $115 million Settlement Fund will be paid back to Defendants. The Settlement Fund will be used to pay for Credit Monitoring Services, Fraud Resolution Services, Alternative Compensation payments, Out-Of-Pocket Costs payments, Settlement administration costs, Class Counsel’s fees and expenses, and Service Payments to the Settlement Class Representatives.
Any money left in the Settlement Fund after these expenditures will be used to extend the time period for the Credit Monitoring Services claims, i.e. credit monitoring beyond the initial, guaranteed two years,for as long as funds are available to extend Credit Services for one full month.
If there is not enough money to extend Credit Monitoring Services by at least one month, or, if funds are left over after Credit Monitoring Services have been extended for as many full months as possible, the remaining funds will be distributed in equal parts to non-profit organizations, or “Cy Pres Recipients.” The Cy Pres Recipients are: the Center for Education and Research in Information Assurance Security at Purdue University and the Electronic Frontier Foundation.
If you make a claim, or if you do nothing, you will be releasing all of your legal claims relating to the Data Breach against all of the Defendants and every other person or entity (except the cyber attackers who committed the criminal acts involved in the Data Breach and persons or entities that intentionally misuse the Personal Information stolen in the Data Breach for unlawful purposes) when the Settlement becomes final. By releasing your legal claims, you are giving up the right to file lawsuits against, or seek further compensation from, the Defendants and every other person or entity (except the cyber attackers who committed the criminal acts involved in the Data Breach and persons or entities that intentionally misuse the Personal Information stolen in the Data Breach for unlawful purposes) for any harm related to the Data Breach—whether or not you are currently aware of those claims. Unless you exclude yourself from the Settlement (see Questions 26-29), all of the orders and decisions by the Court will bind you. That means you will be bound to the terms of the Settlement, and accompanying Court orders, and cannot bring a lawsuit, or be part of another lawsuit against Defendants or any other person or entity (except the cyber attackers who committed the criminal acts involved in the Data Breach and persons or entities that intentionally misuse the Personal Information stolen in the Data Breach for unlawful purposes) relating to the Data Breach.
The Notice provides only a summary of the claims being released. The specific details of the claims being released by Settlement Class Members who do not exclude themselves from the Settlement are set forth in Sections 1.32, 1.44, and 13.1-13.3 of the Settlement Agreement , as well as the Amendment to Section 13.1 of the Settlement Agreement. If you have any questions or concerns about the release, you should access the Settlement Agreement and read the specific details of the legal claims being released on this website. You also may contact the Settlement Administrator with questions (see Question 31 for contact information).
The Notice summarizes the proposed Settlement. More details are in the Settlement Agreement itself. You can get a copy of the Settlement Agreement, view other case documents, and get additional information and updates by viewing the pages on this website.
All of the case documents that have been filed publicly in this case are also available online through the Court’s Public Access to Court Electronic Records (PACER) system at https://ecf.cand.uscourts.gov. This case is called In re Anthem, Inc. Data Breach Litigation, and the case number is 15-md-02617. You may obtain case documents by visiting the office of the Clerk of the Court for the United States District Court for the Northern District of California, San Jose Division, between 9:00 a.m. and 4:00 p.m., Monday through Friday, excluding Court holidays.
You can also get additional information or request a copy of the Settlement Agreement by calling toll-free 1-855-636-6136 or writing to the Settlement Administrator at In re Anthem, Inc. Data Breach Litigation, P.O. Box 404012, Louisville, KY 40233-9821.
DO NOT TELEPHONE THE COURT OR THE COURT CLERK’S OFFICE TO INQUIRE ABOUT THIS SETTLEMENT OR THE CLAIM PROCESS.
No. The Court has already considered comments or objections submitted by Settlement Class members to the Settlement and determined that the Settlement, as amended, is fair, reasonable, and in the best interests of Settlement Class members. The deadline to submit a comment or objection was December 29, 2017. The Final Approval Hearing was conducted at 1:30 p.m. on February 1, 2018 and June 14, 2018, in Courtroom 8 of the United States Courthouse, 280 South 1st Street, 4th Floor, San Jose, CA 95113.
To read the Court's Order granting final approval, click here. To read the Court's order awarding attorneys' fees, click here. To read the Court's judgment, click here. The “Effective Date” of the settlement occurred on October 25, 2018, following dismissal of all appeals of the Court’s orders, and the terms of the Settlement are now final.