Less than 12 hours after Anthem Inc. reported hackers had stolen data on as many as 80 million current and former customers, local attorney Irwin Levin already was preparing a class-action lawsuit against the company.
He expects there will be more as Indianapolis-based Anthem tries to control fallout from the largest data breach ever at a U.S. health care company.
“If there’s one place that we expect all of our private data to be safe, it’s with the people we turn over our health information to,” said Levin, of Indianapolis law firm Cohen & Malad. “They formed a contract with people, and people paid premiums. … We’ll be suing them for breach of contract, for negligence and some other legal theories.”
Other recent data breaches have sparked massive litigation against hacked companies. Target Corp. has been hit with more than 100 lawsuits from shoppers, credit card companies and shareholders since late 2013, when a breach exposed 40 million shoppers’ credit and debit card accounts, as well as personal information for as many as 70 million people.
Minnesota-based Target has recorded $248 million in expenses related to the breach and also suffered a dip in U.S. sales.
Anthem, which reported its breach late Wednesday, has said it doesn’t expect the breach to affect 2015 profit. Wall Street analysts generally agreed.
“From a financial perspective, the attack’s timing comes at a time when the open enrollment period for key business lines is largely completed,” UBS analyst A.J. Rice said in a note to investors. That means, unlike Target, Anthem can’t lose many customers, at least immediately, because of the breach.