Anthem Inc. faces what may be the first of many consumer lawsuits a day after disclosing that hackers obtained data on tens of millions of current and former customers and employees.
A California woman on Thursday accused the health insurer of failing to properly secure and protect its customers’ personal information, including names, birth dates and social security numbers, and she seeks to represent all other customers affected by the massive data breach.
Anthem, the second-biggest U.S. health insurer by market value, said Wednesday that its computer system had been targeted in a sophisticated attack by hackers. The Federal Bureau of Investigation is probing the breach, which people familiar with the matter say includes evidence that points to Chinese state-sponsored hackers.
The Anthem attack is on a similar scale to hacks of customer data from Target Corp. in 2013 and Home Depot Inc. last year in terms of the number of people affected. The stolen information also includes street and e-mail addresses and employee data, including income, Anthem said in an e-mail.
“It appears that Anthem’s security system did not involve encrypting Social Security numbers and birth dates –- two of the most valuable pieces of information that a thief can have,” Susan Morris said in her complaint filed in federal court in Santa Ana, California.
She seeks damages for violations of California’s unfair competition and data breach laws, among other claims.
Kristin Binns, a spokeswoman for Indianapolis-based Anthem, didn’t immediately respond to phone and e-mail messages after regular business hours seeking comment on the lawsuit.
The company will notify customers who were affected and provide credit and identify-theft monitoring services for free, Chief Executive Officer Joseph Swedish said in a letter to members.
Connecticut Attorney General George Jepsen said he sent a letter to Anthem Thursday seeking information about the company’s security measures, how it discovered the breach and measures it’s taking to protect against future attacks. Massachusetts Attorney General Maura Healey also said she is investigating the matter.
New York Attorney General Eric Schneiderman has “reached out to Anthem to discuss how the company can best ensure that consumers across New York state are protected,” a spokesman for Schneiderman, Nick Benson, said in a statement.
Data security has become a priority for some public officials in wake of earlier breaches at JPMorgan Chase & Co., Sony Corp.’s entertainment unit and Target.
California Attorney General Kamala Harris on Thursday urged consumers to take precautions after reports of the Anthem breach, such as by reviewing credit reports, placing fraud alerts on accounts and watching out for so-called phishing schemes, through which scammers use e-mails to trick consumers into giving additional private information.
The case is Morris v. Anthem Inc., 15-cv-00196, U.S. District Court, Central District of California (Santa Ana).