Frequently Asked Questions

  1. Why is there a notice?
  2. What is this litigation about?
  3. Who are the Defendants in the lawsuit?
  4. Why is this a class action?
  5. Why is there a Settlement?
  6. How do I know if I am part of the Settlement?
  7. Do I have a lawyer in the case?
  8. How will Class Counsel be paid?
  9. What benefits does the Settlement provide?
  10. Will the Settlement help protect data stored by Anthem from another data breach?
  11. Will the Settlement help protect me against future identity theft and fraud?
  12. What if I already have protection against identity theft and fraud and I don’t want more?
  13. Will the Settlement help me deal with identity theft or fraud if it happens?
  14. Will the Settlement pay me back for identity theft and fraud I have already suffered or expenses I have already paid to protect myself?
  15. How do I file a claim for Credit Monitoring Services or Alternative Compensation?
  16. How do I file a claim for Reimbursement of Out-of-Pocket Costs?
  17. When and how will I receive the benefits I claim from the Settlement?
  18. What happens if my contact information changes after I submit a claim?
  19. What happens if some of the money from this Settlement is not claimed?
  20. What am I giving up to stay in the Settlement Class?
  21. How do I get more information?
  22. Can I change the terms of the Settlement?



  1. Why is there a notice?

    A Court authorized the notice because you have a right to know how the proposed Settlement may affect your rights. The notice explains the nature of the litigation, the general terms of the proposed Settlement and what it may mean to you. The notice also explains the ways you may participate in, or exclude yourself from, the Settlement.

    Top

  2. What is this litigation about?

    In February 2015, Anthem announced that it had been the subject of a cyberattack which resulted in the theft of information stored in Anthem’s databases concerning approximately 79 million people (the “Data Breach”). The information taken in this Data Breach may have included names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, and employment information, including income data.

    The lawsuit was brought on behalf of the individuals impacted by the Data Breach against Anthem, its subsidiaries and affiliates, and certain Blue Cross and Blue Shield companies who had members with data stored on Anthem’s databases that was taken in the Data Breach, even though they were not Anthem members. The Plaintiffs claim that Defendants failed to adequately protect their personal information and that they were injured as a result. Defendants deny any wrongdoing, and no court or other entity has made any judgment or other determination of any wrongdoing or that the law has been violated. The current, most recent, complaint filed in this litigation, which describes the specific legal claims alleged by the Plaintiffs, each individual Defendant named in the lawsuit, and the relief sought in litigation, is available on this website.

    Top

  3. Who are the Defendants in the lawsuit?

    The Defendants are Anthem Inc., its subsidiaries and affiliates, and certain Blue Cross and Blue Shield companies that are not Anthem affiliates. There are many of these entities named in this litigation because of its nationwide scope, and because Anthem has numerous state-specific entities. Anthem is one of the largest health benefits and health insurance companies in the United States. Anthem serves its medical members through fourteen Blue Cross Blue Shield entities, as well as numerous non-Blue Cross Blue Shield entities, such as Amerigroup Corporation, CareMore Health Group, Inc., HealthLink, and UniCare. Here is the full list of Anthem, Inc. affiliated health plans that are Defendants in this case:

    Blue Cross and Blue Shield of Georgia, Inc.; Blue Cross Blue Shield Healthcare Plan of Georgia, Inc.; Anthem Insurance Companies, Inc.; Blue Cross of California; Anthem Blue Cross Life and Health Insurance Company; Rocky Mountain Hospital and Medical Service, Inc.; Anthem Health Plans, Inc.; Anthem Health Plans of Kentucky, Inc.; Anthem Health Plans of Maine, Inc.; HMO Missouri, Inc.; RightCHOICE Managed Care, Inc.; Healthy Alliance Life Insurance Company; Anthem Health Plans of New Hampshire, Inc.; Empire HealthChoice Assurance, Inc.; Community Insurance Company; Anthem Health Plans of Virginia, Inc.; HealthKeepers, Inc.; Blue Cross Blue Shield of Wisconsin; Compcare Health Services Insurance Corporation; Amerigroup Corporation; Amerigroup Services, Inc.; Amerigroup Kansas, Inc.; Amerigroup Washington, Inc.; HealthLink, Inc.; UniCare Life & Health Insurance Company; CareMore Health Plan; The Anthem Companies, Inc.; and The Anthem Companies of California, Inc.

    The Defendants also include The Blue Cross and Blue Shield Association and Blue Cross and/or Blue Shield licensees who had members with data stored on the Anthem database that was taken in the cyberattack, including: Blue Cross and Blue Shield of Alabama; USAble Mutual Insurance Company, d/b/a Arkansas Blue Cross and Blue Shield; California Physicians’ Service d/b/a Blue Shield of California; Blue Cross and Blue Shield of Florida, Inc. d/b/a Florida Blue; CareFirst of Maryland, Inc.; Blue Cross and Blue Shield of Massachusetts, Inc.; Blue Cross and Blue Shield of Michigan; BCBSM, Inc. d/b/a Blue Cross and Blue Shield of Minnesota; Horizon Healthcare Services, Inc.; Blue Cross and Blue Shield of North Carolina; Highmark Inc. f/k/a Highmark Health Services; Blue Cross and Blue Shield of Vermont; and Health Care Service Corporation, a Mutual Legal Reserve Company.

    Top

  4. Why is this a class action?

    Even if you have not filed your own lawsuit against Defendants regarding the Data Breach, you can obtain the benefits provided by this Settlement because the litigation is proceeding as a class action.

    In a class action, one or more people file a lawsuit to assert legal claims on behalf of themselves and other persons who have experienced the same or similar circumstances. Here, the more than 100 people who named themselves as Plaintiffs in the consolidated class action complaint against Defendants will serve as “Settlement Class Representatives” to represent not only their personal interests, but the interests of all the Settlement Class Members. Because this is a class action, even persons who did not file their own lawsuit can obtain relief from harm that may have been caused by the Data Breach.

    Top

  5. Why is there a Settlement?

    Settlements avoid the costs and uncertainty of a trial and related appeals, while providing benefits to Settlement Class Members when the Settlement becomes final. The Court has not decided in favor of Plaintiffs or Defendants. Instead, both sides agreed to a settlement. Settlement Class Representatives and the attorneys for the Settlement Class (“Class Counsel,” see Question 7) believe that the Settlement is in the best interests of the Settlement Class Members.

    Top

  6. How do I know if I am part of the Settlement?

    You are a Settlement Class Member, and you are affected by this Settlement, if:

    • You received a notice from Anthem concerning the Data Breach that was announced in February 2015;
      or
    • Your personal information was taken during the Data Breach, and is included in Anthem’s Member Impact Database.

    However, the following entities and individuals are not Settlement Class Members:

    • The Defendants, any entity in which the Defendants have a controlling interest, and the Defendants’ officers, directors, legal representatives, successors, subsidiaries, and assigns;
    • Any judge, justice, or judicial officer presiding over this matter and the members of their immediate families and judicial staff; and
    • Any individual who timely and validly opts-out from the Settlement Class.

    If you received a postcard Notice of this Settlement, you have been identified by the Settlement Administrator as a Settlement Class Member.

    If you are not sure whether or not you are a settlement class member, you can still file a claim here. It is not necessary to determine if you are a settlement class member before filing a claim. The Settlement Administrator will determine whether you are a class member in the course of reviewing your claim. You may also go here to see whether or not you are a Settlement Class Member.

    Top

  7. Do I have a lawyer in the case?

    Yes. The Court appointed as “Class Counsel” Eve Cervantez of Altshuler Berzon LLP; Andrew N. Friedman of Cohen Milstein Sellers & Toll PLLC; Michael W. Sobol of Lieff Cabraser Heimann & Bernstein LLP; and Eric Gibbs of Girard Gibbs LLP to represent you and the other Settlement Class Members. If you want to be represented by your own lawyer, you may hire one at your own expense.

    Top

  8. How will Class Counsel be paid?

    The Court approved payment to Class Counsel of $ 33,187,068.59 from the Settlement Fund, to pay attorneys’ fees and reimbursement of expenses, and to establish a cost reserve for certain future expenses.

    The Court also approved Service Payments of $597,500 in total to compensate the Settlement Class Representatives. The 29 Settlement Class Representatives whose personal devices were forensically imaged and examined as part of discovery in this lawsuit will be compensated $7,500 each. The other 76 Settlement Class Representatives who participated in discovery about their claims and/or about their minor child(ren)’s claims will be compensated $5,000 each.

    Class Counsel’s application for attorneys’ fees, expenses, and Service Payments is available here. The Court’s order awarding attorney’s fees and expenses is available here.

    Top

  9. What benefits does the Settlement provide?

    The Settlement provides the following benefits to Settlement Class Members:

    • Data Security Practice Changes and Commitments by Anthem (See Question 10);
    • Free Credit Monitoring Services (See Questions 11, 15);
    • Cash Payment as an Alternative to Free Credit Monitoring Services (See Questions 12, 15)
    • Free Fraud Resolution Services (See Question 13);
    • Cash Reimbursement for Out-Of-Pocket Losses (See Questions 14, 16).

    Top

  10. Will the Settlement help protect data stored by Anthem from another data breach?

    Settlement Benefit: Data Security Practice Changes and Commitments by Anthem

    Anthem will enhance its information security practices to help protect the personal information stored on its databases from another cyberattack. This will include archiving databases with strict access controls and monitoring requirements, strengthening various data security controls, encrypting certain information, and guaranteeing a specified level of funding for Anthem’s information security.

    Anthem will maintain the specific practice changes agreed to in the Settlement for at least three years from the date the Court gives Final Approval to the Settlement. An independent consultant will monitor Anthem’s compliance with these business practice commitments, and the consultant will provide an assessment of Anthem’s compliance to Class Counsel annually, after the Settlement becomes final.

    Top

  11. Will the Settlement help protect me against future identity theft and fraud?

    Settlement Benefit: Free Credit Monitoring Services

    The deadline to submit a claim for Free Credit Monitoring Services has passed. New Credit Services Claims will not be processed. Settlement Class Members may still file claims for Out-of-Pocket costs until August 16, 2019, by clicking here.

    If you elected to receive Credit Monitoring Services and submitted a valid and timely claim form , instructions for receiving these services will be sent to you via email, or, if you did not provide an email address, via U.S. Mail. If you submitted a timely claim for credit services but did not receive settlement benefits by December 14, 2018, you may call 1-877-703-0745 for more information.

    The Settlement provides a way to protect yourself from unauthorized use of your personal information.

    Credit Monitoring Services will be provided for an initial period of two years. Credit Monitoring Services may be automatically extended to Settlement Class Members for a period longer than two years if there are sufficient funds left in the Settlement Fund. More detail about how Credit Monitoring Services could be extended longer than two years is available in Question 19.

    Credit Monitoring Services are being provided by Experian. The features of these Credit Monitoring Services include:

    • Daily credit monitoring of the Settlement Class Members’ credit file at all three major credit reporting agencies (Experian, Equifax & TransUnion);
    • An Experian Credit Report Upon Enrollment;
    • A subsequent, updated Experian Credit Report available at the Settlement Class Members’ election as often as daily (online);
    • ID Theft Insurance, which covers certain identity theft related expenses incurred by Settlement Class Members up to a limit of $1 million;
    • Internet Surveillance, which includes monitoring of the “dark web” for Settlement Class Members’ personal information;
    • Identity Validation monitoring and alerts to notify Settlement Class Members in the event their identity has been verified across the Experian identity network;
    • Identity Monitoring of minors under the age of 18 (through their parents or legal guardian), including Social Security number trace, internet surveillance, identity restoration, and identity theft insurance; and
    • Fraud Resolution Services that provide professional fraud resolution assistance to Settlement Class Members who experience identity theft or fraud, helping them with identity recovery and restoration.

    Experian has established an informational Internet web page for the Credit Monitoring Services being offered through this Settlement which can be found at: www.experianidworks.com/anthem

    Top

  12. What if I already have protection against identity theft and fraud and I don’t want more?

    Settlement Benefit: Cash Payment As An Alternative to Free Credit Monitoring Services

    The deadline to submit a claim for Alternative Compensation has passed. New Alternative Compensation Claims will not be processed. Settlement Class Members may still file claims for Out-of-Pocket costs until August 16, 2019, by clicking here.

    If you do not need identity theft and fraud protection from the Settlement because you already have credit monitoring or protection services and you certified that you will keep them until at least October 30, 2018, the Settlement offered a cash payment instead of additional credit monitoring, by filing an Alternative Compensation Claim.

    If you elected to receive cash compensation in lieu of credit services and submitted a valid and timely claim form , a check for $50 will be sent by U.S. mail to the mailing address you provided with your claim (or via Paypal if you provided an email address and requested electronic payment). If you submitted a timely claim for alternative compensation but did not receive settlement benefits by December 14, 2018, you may call 1-877-703-0745 for more information.

    Top

  13. Will the Settlement help me deal with identity theft or fraud if it happens?

    Settlement Benefit: Fraud Resolution Services

    Recovering from fraud or identity theft is a time-consuming, costly affair for anyone going through it alone. Whether or not you make a claim, the Settlement provides help if it happens to you.

    All Settlement Class Members are eligible to receive access to Fraud Resolution Services through Experian. Fraud Resolution Specialists will be available by telephone, email, and mail to help you with important but time-consuming tasks such as placing fraud alerts with the credit bureaus, disputing inaccurate information on your credit reports, scheduling calls with creditors and other service providers, and working with law enforcement and government agencies to dispute fraudulent information. More details about Experian’s Fraud Resolution Services for Settlement Class Members are available at www.experianidworks.com/anthem.

    All Settlement Class Members may access Fraud Resolution Services, even if you never made a claim from this Settlement, by providing the Engagement Number for the Settlement (available here) to the Fraud Resolution Specialists at Experian. Once you have obtained the Engagement Number (by clicking here), you may call Experian toll free at (866) 579-2216 to reach a Fraud Resolution Specialist.

    Top

  14. Will the Settlement pay me back for identity theft and fraud I have already suffered or expenses I have already paid to protect myself?

    Settlement Benefit: Reimbursement for Out-of-Pocket Losses

    If you spent time or money to address fraud or identity theft that you believe was related to the Data Breach, or to protect yourself from future harm, then you may make a documented claim for reimbursement. The Settlement reserves a fund of $15 million to pay all valid Out-of-Pocket Costs Claims of all Settlement Class Members, and each individual claim may not exceed $10,000. Additionally, money remaining in the Settlement Fund after at least four years of Credit Monitoring Services have been provided will also be used to pay claims for reimbursement of Out of Pocket Losses.

    Claims received on or before the Effective Date will be processed together. The Effective Date was October 25, 2018. If the total amount of all approved claims received on or before the Effective Date exceeds $15 million plus any reserve after payment for four full years of credit monitoring services, then approved claims will not be paid in full. Instead, the amount of each claim will be reduced proportionally (by a percentage) until the total amount of all approved claims is equal to the amount remaining for out of pocket loss compensation.

    After the Effective Date, claims will be processed in the order they are received, on a first-come first-served basis, until August 16, 2019. Once the Out of Pocket Costs reserve of $15 million plus additional funds remaining after provision of four years of credit monitoring has been provided is exhausted, no more claims for Out-Of-Pocket Costs will be paid.

    Out-of-Pocket Losses that are eligible for reimbursement through the Settlement include the following costs incurred after January 2015:

    • The costs of credit monitoring or identity protection services you obtained (up to the date on which Credit Monitoring Services become available through this Settlement).
    • Unreimbursed losses, fees, or charges incurred as a result of identity fraud or theft connected with the possible misuse of your Social Security number, date of birth, email address, address, income and employment information, or health care ID number.
    • Professional fees and other costs incurred addressing identity fraud or theft, including falsified tax returns or other identity fraud or theft connected with the possible misuse of your Social Security number, date of birth, email address, address, income and employment information, or health care ID number.
    • Costs associated with credit freezes.
    • Miscellaneous expenses such as notary, fax, postage, copying, mileage, and long-distance charges that you show were incurred in connection with identity fraud or theft connected with the possible misuse of your Social Security number, date of birth, email address, address, income and employment information, or health care ID number.
    • If you can adequately document identity fraud or theft connected with the possible misuse of your Social Security number, date of birth, email address, address, income and employment information, or health care ID number, you may be eligible for reimbursement of up to ten hours of time spent remedying issues related to the Data Breach (calculated at $15 per hour, or time off work at your documented hourly wage, whichever is greater).

    This list provides examples only, and other losses or costs due to the Data Breach may also be eligible for reimbursement. YOU MUST BE ABLE TO DOCUMENT YOUR CLAIM.

    The Settlement Administrator has the sole authority to determine the validity of claims for Out-Of-Pocket Costs. Only valid and timely claims will be paid, and only in the amount for which they are approved by the Settlement Administrator.

    The deadline to file an Out-of-Pocket Costs Claim is August 16, 2019. Out-of-Pocket Costs Claims received after the Out of Pocket Reserve has been exhausted will be denied.

    Top

  15. How do I file a claim for Credit Monitoring Services or Alternative Compensation?

    The deadline to submit a claim for Alternative Compensation or Credit Monitoring Services has passed. New Alternative Compensation Claims and Credit Monitoring Services Claims will not be processed. Settlement Class Members may still file claims for Out-of-Pocket costs until August 16, 2019, by clicking here.

    Top

  16. How do I file a claim for Reimbursement of Out-of-Pocket Costs?

    To file a claim for reimbursement of expenses or up to ten hours of time you believe you lost due to the Data Breach, you need to file an Out-of-Pocket Costs Claim form and submit documentation and an attestation regarding the costs and losses that you incurred. There are two options for filing claims:

    1. File by Mail: Download a hard copy of the claim form (available here or ask the Settlement Administrator to mail a claim form to you by calling 1-855-636-6136), fill it out, and mail it (including postage) to: In re Anthem, Inc. Data Breach Litigation, P.O. Box 404012, Louisville, KY 40233-9821; or
    2. File Online: Alternatively, you may fill out and submit the claim form and the required documentation online.

    The deadline to file an Out-of-Pocket Costs Claim is one year after the Final Approval Date (this is the last day to file online and postmark deadline for mailed claims), and the Final Approval Date is estimated to be on or around February 1, 2018. However, claims received by the Effective Date will receive priority. The earliest possible Effective Date is March 5, 2018.

    Instructions for filing out an Out-of-Pocket Costs Claim form are included on that form. You may file a claim for Reimbursement of Out-of-Pocket Costs in addition to filing a separate claim for Credit Monitoring Services or Alternative Compensation.

    You may access the Claim Form and view a video on how to file a claim on this website.

    Top

  17. When and how will I receive the benefits I claim from the Settlement?

    The deadline to submit a claim for Credit Services or Alternative Compensation was July 19, 2018. Those benefits will be distributed, by December 1, 2018, to Settlement Class Members who submitted timely and valid claim forms.

    If you chose to receive Credit Services by checking the “Credit Services” box on your valid and timely claim form, instructions to activate those services will be sent to you by email. If you did not provide an email address with your claim, instructions will be sent by U.S. mail to the mailing address you provided on your claim form.

    If you chose to receive Alternative Compensation instead of Credit Services, a payment for $50 will be sent to you via PayPal, if you filed your claim electronically and chose PayPal on your valid and timely claim form. If you did not choose PayPal on your claim form, a check for $50 will be sent by U.S. mail to the mailing address you provided with your claim.

    If you timely submitted your claim for credit monitoring services or alternative compensation, but you have not received instructions to activate your credit monitoring, or a check for $50 by December 14, 2018, you may call 1-877-703-0745 for more information.

    Top

  18. What happens if my contact information changes after I submit a claim?

    If, after you submit a claim form, you change your mailing address or email address, it is your responsibility to inform the Settlement Administrator of your updated information. Notify the Settlement Administrator of any changes to your mailing address or email address by writing:

    In re Anthem, Inc. Data Breach Litigation
    P.O. Box 404012
    Louisville, KY 40233-9821

    Top

  19. What happens if some of the money from this Settlement is not claimed?

    None of the money in the $115 million Settlement Fund will be paid back to Defendants. The Settlement Fund will be used to pay for Credit Monitoring Services, Fraud Resolution Services, Alternative Compensation payments, Out-Of-Pocket Costs payments, Settlement administration costs, Class Counsel’s fees and expenses, and Service Payments to the Settlement Class Representatives.

    Any money left in the Settlement Fund after these expenditures will be used to extend the time period for the Credit Monitoring Services claims, i.e. credit monitoring beyond the initial, guaranteed two years,for as long as funds are available to extend Credit Services for one full month.

    If there is not enough money to extend Credit Monitoring Services by at least one month, or, if funds are left over after Credit Monitoring Services have been extended for as many full months as possible, the remaining funds will be distributed in equal parts to non-profit organizations, or “Cy Pres Recipients.” The Cy Pres Recipients are: the Center for Education and Research in Information Assurance Security at Purdue University and the Electronic Frontier Foundation.

    Top

  20. What am I giving up to stay in the Settlement Class?

    If you make a claim, or if you do nothing, you will be releasing all of your legal claims relating to the Data Breach against all of the Defendants and every other person or entity (except the cyber attackers who committed the criminal acts involved in the Data Breach and persons or entities that intentionally misuse the Personal Information stolen in the Data Breach for unlawful purposes) when the Settlement becomes final. By releasing your legal claims, you are giving up the right to file lawsuits against, or seek further compensation from, the Defendants and every other person or entity (except the cyber attackers who committed the criminal acts involved in the Data Breach and persons or entities that intentionally misuse the Personal Information stolen in the Data Breach for unlawful purposes) for any harm related to the Data Breach—whether or not you are currently aware of those claims. Unless you exclude yourself from the Settlement (see Questions 26-29), all of the orders and decisions by the Court will bind you. That means you will be bound to the terms of the Settlement, and accompanying Court orders, and cannot bring a lawsuit, or be part of another lawsuit against Defendants or any other person or entity (except the cyber attackers who committed the criminal acts involved in the Data Breach and persons or entities that intentionally misuse the Personal Information stolen in the Data Breach for unlawful purposes) relating to the Data Breach.

    The Notice provides only a summary of the claims being released. The specific details of the claims being released by Settlement Class Members who do not exclude themselves from the Settlement are set forth in Sections 1.32, 1.44, and 13.1-13.3 of the Settlement Agreement , as well as the Amendment to Section 13.1 of the Settlement Agreement. If you have any questions or concerns about the release, you should access the Settlement Agreement and read the specific details of the legal claims being released on this website. You also may contact the Settlement Administrator with questions (see Question 31 for contact information).

    Top

  21. How do I get more information?

    The Notice summarizes the proposed Settlement. More details are in the Settlement Agreement itself. You can get a copy of the Settlement Agreement, view other case documents, and get additional information and updates by viewing the pages on this website.

    All of the case documents that have been filed publicly in this case are also available online through the Court’s Public Access to Court Electronic Records (PACER) system at https://ecf.cand.uscourts.gov. This case is called In re Anthem, Inc. Data Breach Litigation, and the case number is 15-md-02617. You may obtain case documents by visiting the office of the Clerk of the Court for the United States District Court for the Northern District of California, San Jose Division, between 9:00 a.m. and 4:00 p.m., Monday through Friday, excluding Court holidays.

    You can also get additional information or request a copy of the Settlement Agreement by calling toll-free 1-855-636-6136 or writing to the Settlement Administrator at In re Anthem, Inc. Data Breach Litigation, P.O. Box 404012, Louisville, KY 40233-9821.

    DO NOT TELEPHONE THE COURT OR THE COURT CLERK’S OFFICE TO INQUIRE ABOUT THIS SETTLEMENT OR THE CLAIM PROCESS.

    Top

  22. Can I change the terms of the Settlement?

    No. The Court has already considered comments or objections submitted by Settlement Class members to the Settlement and determined that the Settlement, as amended, is fair, reasonable, and in the best interests of Settlement Class members. The deadline to submit a comment or objection was December 29, 2017. The Final Approval Hearing was conducted at 1:30 p.m. on February 1, 2018 and June 14, 2018, in Courtroom 8 of the United States Courthouse, 280 South 1st Street, 4th Floor, San Jose, CA 95113.

    To read the Court's Order granting final approval, click here. To read the Court's order awarding attorneys' fees, click here. To read the Court's judgment, click here. The “Effective Date” of the settlement occurred on October 25, 2018, following dismissal of all appeals of the Court’s orders, and the terms of the Settlement are now final.

    Top