Zoeller sues over alleged data breach
INDIANAPOLIS (Legal Newsline) - Indiana Attorney General Greg Zoeller announced on Friday that his office has filed a lawsuit against a health insurance provider, alleging that it failed to disclose a data breach to its customers.
The Indianapolis-based WellPoint Inc. allegedly had a data breach earlier this year that affected more than 32,000 customers. The company allegedly failed to notify its customers or Zoeller's office in a timely manner.
According to state law, businesses must inform both the individuals potentially affected by any data breach, as well as the office of the attorney general, without unreasonable delay. This requirement was supported by Zoeller and included in House Enrolled Act 1121, which took effect in July 2009.
The breach occurred when applications for insurance policies submitted to WellPoint between Oct. 2009-March 2010 were potentially available to the general public through an unsecured Internet website, Zoeller says. The information contained social security numbers, financial information and health records.
Zoeller alleges that WellPoint was notified on Feb. 22 and again on March 8 that these sensitive records were accessible this way, but failed to alert customers until June 18. The attorney general's office, following news of the breach, submitted an inquiry to WellPoint, receiving a response on July 30.
Although Zoeller's office has not received any consumer complaints relating to identity theft as a result of the WellPoint data breach, fraud resulting from the theft of personal information for the purposes of identity theft is a big problem in the nation.
Zoeller is seeking $300,000 in civil penalties.