For Immediate Release
September 30, 2020
Concord, NH – Attorney General Gordon J. MacDonald announces that New Hampshire has joined 43 states in a settlement with Anthem stemming from the 2014 data breach that involved the personal information of 78.8 million Americans. In New Hampshire, 667,866 residents were affected by the breach.
Under the settlement, Anthem will make a payment of $39.5 million and will implement a series of data security and good governance provisions designed to strengthen its practices going forward.
In February 2015, Anthem disclosed that cyber attackers had infiltrated its systems beginning in February 2014, using malware installed through a phishing email. The attackers were ultimately able to gain access to Anthem's data warehouse, where they harvested names, dates of birth, Social Security numbers, healthcare identification numbers, home addresses, email addresses, phone numbers, and employment information for 78.8 million Americans.
Anthem has agreed to a series of provisions designed to strengthen its security practices going forward. Those include:
In the immediate wake of the breach, Anthem offered an initial two years of credit monitoring to all affected U.S. individuals.
Anthem had previously entered into a class action settlement that established a $115 million settlement fund to pay for additional credit monitoring, cash payments of up to $50, and reimbursement for out-of-pocket losses for affected consumers. The deadlines for consumers to submit claims under that settlement have since passed.
New Hampshire's share of the settlement will be $365,166.
The Consumer Protection and Antitrust Bureau is funded entirely through the consumer protection escrow account and the settlement funds received through lawsuits brought by the State for the protection of New Hampshire consumers. The Bureau's work includes consumer protection and antitrust enforcement, namely investigating and litigating consumer fraud and unfair or deceptive marketing practices as well as ongoing education and outreach for New Hampshire consumers.
RSA 7:6-f, requires that "Any funds received by the attorney general on behalf of the state or its citizens as a result of any civil judgment or settlement of a claim, suit, petition, or other action under RSA 358-A or related consumer protection statutes shall be deposited in a consumer protection escrow account. The consumer protection escrow account shall at no time exceed $5 million, with any amount in excess of $5 million deposited into the general fund."
New Hampshire's participation in this multistate investigation and settlement was led by Senior Assistant Attorney General Brandon H. Garod, Chief of the Consumer Protection and Antitrust Bureau.
New Hampshire Department of Justice
33 Capitol Street | Concord, NH | 03301