State Sues WellPoint Over Data Breach NotificationState Sues WellPoint Over Data Breach Notification
The state of Indiana's attorney general is suing insurer WellPoint Inc. for $300,000 for not notifying customers in a timely enough manner that their data was at risk.
October 31, 2010
The state of Indiana's attorney general is suing insurer WellPoint Inc. for $300,000 for not notifying customers in a timely enough manner that their data was at risk.That data, according to state officials, included credit card numbers and medical records. The breach may have affected 470,000. According to Bloomberg Businessweek: "The lawsuit filed Friday in Marion County accuses WellPoint of violating a state law that requires businesses to provide notification of data breaches in a timely manner.
State officials say the personal records were exposed for at least 137 days between last October and March. The suit says WellPoint learned of the problem Feb. 22 but didn't start notifying customers until June.
The IndyChannel.com published the following almost obligatory post-data-breach statement:
"Anthem Blue Cross and Blue Shield is committed to protecting the privacy and security of our members' and applicants' personal information, in accordance with all applicable laws and regulations," said spokesman Tony Felts. "As soon as the situation was discovered, we made the necessary security changes to prevent it from happening again." I'd like to see more commitment from companies before a breach ever occurs, rather than heightened commitment for a few months following a breach.
For my security and technology observations throughout the day fine me on Twitter.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
The State of Supply Chain Threats
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment