Indiana attorney general sues WellPoint over breach

Share this article:
The Indiana attorney general's office has filed a lawsuit against Indianapolis-based health insurance provider WellPoint for taking months to notify state residents whose personal information was breached.

The lawsuit, filed Friday, contends that WellPoint violated state law, which requires breached businesses to notify affected individuals and the attorney general's office “without reasonable delay,” Attorney General Greg Zoeller said in a news release.

Zoeller said WellPoint learned of the breach, which affected more than 32,000 Indiana citizens, on Feb. 22, but did not begin notifying customers until almost four months later, on June 18.

After learning of the exposure through media reports, Zoeller's office tried to contact WellPoint, receiving a response in late July.

“The delays in notice to both customers and to the attorney general's office are considered unreasonable,” the news release states.

The state is seeking $300,000 in civil penalties.

According to Zoeller, applications for insurance policies submitted to WellPoint that contained citizen's Social Security numbers, financial information and health records may have been available to the public through an unsecured website for at least 137 days, between October 2009 and March 2010.

WellPoint previously had disclosed that the breach was the result of a faulty website upgrade and may have affected 470,000 customers of Anthem Blue Cross, a WellPoint company.

The health insurer is facing at least one other lawsuit over the incident, a class-action complaint filed on behalf of customers whose information was breached.

In a statement sent to SCMagazineUS.com on Tuesday, WellPoint did not address the lawsuit, but said that as soon as the breach was discovered, the company made “necessary security changes” to ensure a similar incident does not occur again.

“Anthem Blue Cross and Blue Shield is committed to protecting the privacy and security of our members' and applicants' personal information, in accordance with all applicable laws and regulations,” the statement said.

Meanwhile, this is not the first time WellPoint has experienced a breach.

In 2008, it was discovered that the personal information of about 128,000 WellPoint customers from several states was publicly available on the internet. And in 2006, backup computer tapes containing the personal information of 200,000 members were stolen.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.