Not to be left out, plaintiffs filed suit against CareFirst BlueCross Blue Shield late last week for the hacking incident the insurer suffered in May, which resulted in unknown intruders gaining access to names, dates of birth, email addresses and subscriber identification numbers of approximately 1.1 million members. CareFirst has indicated that the incident did not include a compromise of members’ Social Security numbers or credit card information.
Despite this, plaintiffs allege in the complaint that they had a reasonable expectation that their personal information and health information would be kept confidential. Although the plaintiffs allege that the plaintiffs have been damaged “and have lost or are subject to losing money and property” as a result of the incident, it will be interesting to see what actual damages are alleged to have been suffered when Social Security numbers were not exposed.
Further, the plaintiffs allege that their personal information can be used by identity thieves “to perpetrate a variety of crimes that harm the victims,” but the case does not explain how the information involved can actually be used or has been used against the named plaintiffs.
This is another case we will be watching and reporting on as this area of the law develops, and class action lawsuits become the norm following data breaches.