ATLANTA (CN) - Six Atlanta residents filed a class action against Anthem Inc. and Blue Cross Blue Shield of Georgia over a massive data breach that may affect as many as 80 million of the insurer's customers.
Anthem, the parent company of co-defendant Blue Cross Blue Shield, announced on February 4 that hackers had accessed its computer system and made off with the account information for perhaps as many as 80 million individuals.
The notice claimed that Blue Cross "was the target of a very sophisticated external cyber attack." It later stated that the companies own associates' personal information was also accessed during the breach.
In a complaint filed in the Atlanta Federal Court, the plaintiffs -- Joseph D'Angelo III, Shawn Haggerty, Charity Latimer, Kurt McLaughlin, Tamara Nedlouf and John Thomas II -- allege the defendants failed in their duty to protect customers' personal and financial information.
"Given that Anthem is the nation's second largest health insurer, this breach is potentially one of the largest data breaches in the history of the world," the plaintiffs state early on in the complaint.
And they note, "This is not the first time that Anthem has failed to adequately protect
the personal information of its customers."
"For example, between 2011 and 2012, Anthem illegally exposed over 30,000 customer social security numbers and ended up settling the matter with the California Attorney General," the complaint says. "In 2013, Defendant Anthem agreed to pay $1.7 million to resolve allegations it left the information of more than 612,000 members available online because of inadequate safeguards."
Further, they say, "The U.S. Department of Health and Human Services said that
Defendant's security weaknesses in an online application database left names,
birthdates, addresses, telephone numbers, Social Security numbers, and health data
accessible to unauthorized users."
The vulnerability of healthcare providers to hacking incidents is well known, the plaintiffs say, so much so that the FBI issued an industry-wide warning on it on April 8, 2014.
"Unfortunately, Anthem did not take such warnings seriously and its lax data safeguards have caused damage to its customers yet again," the plaintiffs say.
They seek actual statutory damages, restitution, and disgorgement of funds, pre-judgment and post-judgment interest, and attorneys fees on claims of negligence, breach of contract, bailment and violations of state data breach statutes.
They are represented by Adam Webb of Webb, Klase & Lemond of Atlanta.
Read the Top 8
Sign up for the Top 8, a roundup of the day's top stories delivered directly to your inbox Monday through Friday.