Ten U.S. states believe that Anthem, Inc. lagged in notifying customers impacted by its recent data breach which impacted up to 80 million policyholders.
A letter written by Connecticut Attorney General George Jepsen, on behalf of Connecticut and nine other states, calls on Anthem to reimburse customers who experienced fraud between the time the breach took place and the time they enlisted for the free credit monitoring that the health care company offered, according to The Hill.
Jepsen believes the “unreasonable” delay in notifying those affected has caused “added worry” to already concerned customers.
Following the breach – detected on Jan. 29 and disclosed on Feb. 4 – interest quickly grew in underground forums and marketplaces to request the stolen data. A recent report by cybersecurity journalist Brian Krebs indicates that the breach may have taken place as early as April 2014.