Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Court approves $115 million settlement for health insurer data breach

Privacy/Cyber Risk & Data Security Courts Data Breach Settlement

Privacy, Cyber Risk & Data Security

On August 15, the U.S. District Court for the Northern District of California issued final approval for a $115 million class action settlement to resolve claims stemming from a large health insurer’s 2015 data breach. As previously covered by InfoBytes, in June 2017, the health insurer and plaintiffs came to the $115 million agreement regarding the company’s 2015 data breach, exposing consumers’ and employees’ social security numbers, birthdays, and other personal data to hackers. The settlement agreement provides for (i) two years of credit monitoring; (ii) reimbursement of out-of-pocket costs related to the breach; and (iii) alternative cash payment for credit monitoring services already obtained. While the settlement agreement was challenged after the initial deal was struck, the court noted that the objectors “ignore that the [s]ettlement provides the class with a timely, certain, and meaningful recovery.” Moreover, the court notes the objectors do not account for the “strong message” it sends to the health insurer, stating, “a settlement does not need to provide for all possible recoverable damages to deter wrongdoing.”