Attorneys General Call for Anthem Response; Company Agrees to Provide Protections

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Martha Kessler

Feb. 11 — Health-care company Anthem Inc. has notified Connecticut that it will provide two years of identity theft protection and credit monitoring to individuals affected by a recently disclosed data breach, Connecticut Attorney General George Jepsen (D) announced in a Feb. 11 statement.

Indiana-based Anthem's offer to provide credit monitoring came one day after Jepsen sent a letter on behalf of his office and nine other state attorneys general calling on Anthem to immediately provide additional detailed information about the breach, as well as offering identity theft protections.

Anthem, the second-biggest U.S. health insurer by market value, revealed Feb. 4 that hackers obtained data on tens of millions of current and former customers and employees in a sophisticated attack that has led to a Federal Bureau of Investigation probe.

“My office has been flooded with phone calls from concerned Connecticut residents who are frustrated with the lack of information from Anthem, and their feelings are completely justified,” Jepsen said in a Feb. 10 statement. “Anthem started out well by publicly disclosing the breach relatively quickly, but its subsequent delay in providing information to affected individuals is flatly unacceptable.”

Joining Jepsen in the letter were the attorneys general of Arkansas, Illinois, Kentucky, Maine, Mississippi, Nebraska, Nevada, Pennsylvania and Rhode Island.

Credit Monitoring, ID Theft Services

In a Feb. 11 statement provided to Bloomberg BNA, Anthem said it is “committed to timely notification to consumers affected by the cyber-attack on one of our databases.”

Since the data breach was discovered, Anthem has been working with a vendor that is making the necessary preparations to provide credit monitoring and identity theft protection services to the millions of people potentially affected by this attack, the company said.

“We have laid out a thoughtful plan with this vendor so that they can accommodate what we anticipate will be very high demand for these services,” Anthem said. “Our goal is to provide peace of mind to consumers, while minimizing frustration.”

Consumers will be able to sign up for these services, which will be offered free of charge for two years, beginning Feb. 13. Information on how to enroll will be posted at anthemfacts.com. It will include identity repair services, identity theft insurance, special protections for minors, phone alerts and identity theft monitoring, as well as credit monitoring.

Anthem said in a Feb. 11 letter to Jepsen's office that the identity theft protections provided by the services will apply to protect members from the day of the potential exposure of their information, something that had been requested by the state attorneys general.

The company also said in its response to Jepsen that it will respond to additional questions posed by the attorneys general under separate cover.

In his Feb. 11 statement, Jepsen applauded the steps taken by Anthem and said his office's investigation into the breach is “active and ongoing.”

To contact the reporter on this story: Martha Kessler in Boston at mkessler@bna.com

To contact the editor responsible for this story: Katie W. Johnson at kjohnson@bna.com

Jepsen's Feb. 10 letter to Anthem is available at http://www.ct.gov/ag/lib/ag/press_releases/2015/20150210_anthembreach.pdf.

Anthem's Feb. 11 letter to Jepsen is available at http://www.ct.gov/ag/lib/ag/press_releases/2015/20150211_anthemresponsetoctag_doi.pdf.