Health insurer Anthem to pay Arizona $280K of $39.5M settlement
Sep 30, 2020, 4:00 PM
(Facebook Photo/Anthem Inc.)
PHOENIX — Arizona will get a share of a multimillion-dollar settlement from health insurer Anthem over a cyberattack on its technology that exposed the personal information of nearly 79 million people.
The state will get over $280,000 of the $39.5 million settlement and will use the money to investigate and pursue other consumer fraud related action, Arizona Attorney General’s Office said Wednesday in a press release.
The company discovered the data breach in early 2015 after hackers had been burrowing into its systems for weeks.
Security experts said at the time that the size and scope of the attack indicated potential involvement by a foreign government.
Hackers used a common email technique called spear-phishing in which unwitting company insiders are tricked into revealing usernames and passwords.
The Anthem attackers gained the credentials of system administrators, allowing them to probe deeply into the insurer’s systems.
The attack exposed information that included names, birthdates, Social Security numbers and medical IDs.
Over 400,000 Arizonans were affected by the breach.
“If a business or a government agency can’t meet their obligations to prevent a data breach or to adequately protect consumers after a breach, they need to be held accountable,” Attorney General Mark Brnovich said in the release.
“Attorneys General are working together to use all available laws to ensure companies take the protection of consumer data seriously.”
The Associated Press contributed to this report.