USA: WellPoint Inc. fined $100,000 under Indiana law for delay in notifying customers of data breach

July 12, 2011 – In The News

After Social Security Numbers, health records and financial data of 32,000 WellPoint Inc. customers became accessible online after the company failed to implement adequate security protections while upgrading its website for applications, the company agreed to pay a $100,000 for failing to notify customers and the Indiana Attorney General without reasonable delay that a data breach had occurred.

Fox Rothschild's Michael J. Kline is quoted in a article on this topic.

"'By settling with WellPoint Inc., the Attorney General of Indiana joins the Attorneys General of Connecticut and Vermont in recovering a substantial sum for the state'', Kline said. ''[U]nlike Connecticut and Vermont, the Attorney General of Indiana however proceeded solely under a state law enacted by Indiana in 2009. With this variety of successes, it is likely that more Attorneys General will become aggressive in this area in the future.''

Read the full article in the July 12 issue.