Indiana Sues Wellpoint for Data Breach
PRIVACY LAW—U.S.November 1, 2010
The Indiana attorney general's office is suing health insurance giant Wellpoint, Inc., for $300,000 for waiting months to notify customers that their medical records, credit card numbers and other sensitive information may have been exposed online, the Associated Press reports. The suit, filed last week in Marion County, IL, alleges that Wellpoint violated state law requiring data breach notifications because it knew of a privacy breach that exposed up to 470,000 customers' personal information for at least 137 days between last October and March but didn't alert those customers until June, the report states. WellPoint says it notified customers after identifying those potentially affected.