WellPoint Sued For Delay In Disclosing Security Breach

  /     /     /  
Publicated : 22/11/2024   Category : security


WellPoint Sued For Delay In Disclosing Security Breach


Indiana Attorney General seeks $300,000 for failure to comply with state law



The Indiana Attorney Generals office today filed a lawsuit against WellPoint Inc., claiming the health insurance provider did not notify its customers or the Attorney Generals office in a timely manner following a data breach earlier this year affecting more than 32,000 customers.
The lawsuit seeks payment of $300,000, according to
news reports
.
Indiana law requires businesses to notify both the individuals potentially affected by a data breach, as well as the Attorney Generals office, without unreasonable delay.
Applications for insurance policies submitted to WellPoint containing Social Security numbers, financial information, and health records were potentially available to the general public through an unsecured Internet website for a period of at least 137 days between October 2009 and March 2010, the attorney generals office said.
According to the states complaint, WellPoint was notified on Feb. 22 of this year -- and again on March 8 -- that application records containing personal information were accessible through its public website.
WellPoint did not begin notifying customers of the security breach until June 18, the complaint says. Following news reports of the breach, the attorney generals office submitted an inquiry to WellPoint and received a response on July 30. The delays in notice both to customers and to the attorney generals office are considered unreasonable, the complaint says. The state is seeking $300,000 in civil penalties.
While most inadvertent security breaches do not result in fraud, notifying those affected in a timely manner significantly reduces the risk of identity theft, the attorney generals office says. Situations involving the theft of personal information for the purposes of identity theft most often result in some form of fraud occurring within seven to 10 days.
The attorney generals office sajd it has not received any consumer complaints relating to identity theft as a result of the WellPoint data breach. The Indiana Attorney Generals Identity Theft Unit continues to investigate the WellPoint data breach and encourages those who may have been affected to perform a credit check and security freeze to guard against identity theft.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
WellPoint Sued For Delay In Disclosing Security Breach