The lawsuit filed Friday in Marion County accuses WellPoint of violating a state law that requires businesses to provide notification of data breaches in a timely manner.
State officials say the personal records were exposed for at least 137 days between last October and March. The suit says WellPoint learned of the problem Feb. 22 but didn't start notifying customers until June.
The IndyChannel.com published the following almost obligatory post-data-breach statement:
I'd like to see more commitment from companies before a breach ever occurs, rather than heightened commitment for a few months following a breach.
"Anthem Blue Cross and Blue Shield is committed to protecting the privacy and security of our members' and applicants' personal information, in accordance with all applicable laws and regulations," said spokesman Tony Felts. "As soon as the situation was discovered, we made the necessary security changes to prevent it from happening again."
For my security and technology observations throughout the day fine me on Twitter.