On February 4, 2015, health insurer Anthem disclosed a data breach affecting the personal and financial information of up to eighty million Anthem members throughout the United States. Beginning the very next day, class action lawsuits began to be filed alleging a variety of missteps by Anthem, including a failure to encrypt personal information, delays in disclosing the breach and failing to adequately protect member data despite paying $1.7 million in fines in 2011 and 2012 to redress earlier alleged failures to safeguard information.
To date, more than ninety class actions have been filed throughout the country. One plaintiff filed a motion to consolidate these lawsuits before the Federal Judicial Panel on Multi-District Litigation for the Southern District of Indiana – In re: Anthem, Inc. Customer Data Security Breach Litigation, MDL Docket No. 2617.
While it appears consolidation is inevitable, there is some dispute amongst the various plaintiffs and Anthem as to the proper forum for the proposed multi-district litigation. The two leading candidates are the Southern District of Indiana (where Anthem is headquartered) and the Central District of California (the state where the largest number of individuals affected by the data breach reside).
A hearing date has not yet been scheduled on the motion to consolidate. The substantive merits of the litigation will likely not move forward until the consolidation issue is addressed.
We will keep you advised of updates as they arise.