Anthem Inc, the largest U.S. health insurance company, has agreed to settle litigation over hacking in 2015 that compromised about 79 million people’s personal information for $115 million, which lawyers said would be the largest settlement ever for a data breach.
The deal, announced Friday by lawyers for people whose information was compromised, must still be approved by U.S. District Judge Lucy Koh in San Jose, California, who is presiding over the case.
The money will be used to pay for two years of credit monitoring for people affected by the hack, the lawyers said. Victims are believed to include current and former customers of Anthem and of other insurers affiliated with Anthem through the national Blue Cross Blue Shield Association.
People who are already enrolled in credit monitoring may choose to receive cash instead, which may be up to $50 per person, according to a motion filed in California federal court Friday.
“We are very satisfied that the settlement is a great result for those affected and look forward to working through the settlement approval process,” Andrew Friedman, a lawyer for the victims, said in a statement.
The credit monitoring in the settlement is in addition to the two years of credit monitoring Anthem offered victims when it announced the breach in February 2015, according to Anthem spokeswoman Jill Becher, who said the company was pleased to be resolving the litigation.
The Indianapolis-based company did not admit wrongdoing, and there was no evidence any compromised information was sold or used to commit fraud, Becher said.
Anthem said in February 2015 that an unknown hacker had accessed a database containing personal information, including names, birthdays, social security numbers, addresses, email addresses and employment and income information. The attack did not compromise credit card information or medical information, the company said.
More than 100 lawsuits filed against Anthem over the breach were consolidated before Judge Koh.
The breach is one of a series of high-profile data breaches that resulted in losses of hundreds of millions of dollars to U.S. companies in recent years, including Target Corp, which agreed to pay $18.5 million to settle claims by 47 states in May, and Home Depot Inc, which agreed to pay at least $19.5 million to consumers last year.