Proposed Settlement Reached in Premera Data Breach Lawsuit

PORTLAND, Ore., Aug. 29, 2019 /PRNewswire/ -- The parties have reached a settlement in the Premera data breach lawsuit, which arose after Premera was the target of an external criminal?cyberattack that began in May 2014 and resulted in the cyberattackers potentially having access to personal information stored on Premera's computer network. The Settlement, which is still subject to approval by the court, does not include any finding of wrongdoing, and Premera is not admitting any wrongdoing or that any individuals were harmed because of the cyberattack.

Following Premera's announcement of the cyberattack in 2015, a consolidated class action lawsuit was filed in United States District Court for the District of Oregon before the Honorable Michael Simon. This consolidated class action alleges that due to Premera's practices, cyberattackers were able to gain access to the personal information of 10.6 million individuals, including names, addresses, dates of birth, Social Security numbers, protected health information, telephone numbers, and the names of employers.

Under the terms of the proposed Settlement, Premera has agreed to pay $32 million to resolve the litigation. Those funds will pay for an additional two years of premium credit monitoring and identity protection services, as well as out-of-pocket losses, and cash payments to all class members who make claims. The fund will also be used to pay for administrative and notice costs related to the Settlement, including attorneys' fees and costs, and class representative service awards. These benefits will not be available until the settlement has been finally approved by the Court and any appeals have been concluded.

In addition, Premera has agreed to guarantee a minimum of $42 million in funding for its information security program over the next 3 years, and implement and/or maintain a number of specific changes to its information security practices, including:

    --  Encrypting certain personal information;
    --  Strengthening specified data security controls;
    --  Increased network monitoring and logging of monitored activity;
    --  Annual third-party security audits;
    --  Stronger passwords, reduced employee access to sensitive data, and
        enhanced email protections; and
    --  Moving certain data into archived databases with strict access controls.

Interim lead counsel for the Plaintiffs, Kim Stephens, said "After several years of hard-fought litigation, we are pleased that individuals affected by this data breach will receive compensation for their losses and identity theft protection going forward. The settlement also includes extensive and detailed injunctive relief in the form of substantially reformed and improved information security practices, designed to protect the class members' information from future attacks." "This is a great result that will provide real and meaningful relief to the class," added Keith Dubanevich, interim liaison counsel for Plaintiffs.

Premera's Executive Vice President and Chief Information Officer, Mark Gregory, said, "We are pleased to be putting this litigation behind us, and to be providing additional substantial benefits to individuals whose data was potentially accessed during the cyberattack. Premera takes the security of its data and the personal information of its customers seriously and has worked closely with state and federal regulators and their information security experts. The company recently achieved an industry-leading HITRUST certification, demonstrating its ability to identify risks, protect assets, detect attacks, and respond and restore capabilities should the need arise."

The Plaintiffs filed a motion for preliminary approval of the settlement on May 30, 2019, which the Court granted on July 29, 2019. Notice to Class Members of the settlement terms, including details regarding the timing and process through which to file a claim for Settlement benefits, will commence no later than August 29, 2019.

A third-party Settlement Administrator will manage the Settlement, which will be overseen by the Court in this litigation. The settlement administrator will be the best resource for questions about the settlement, including how to register for the credit monitoring or identity protection services offered, or how to submit claims for out-of-pocket costs or alternative compensation. The Court has scheduled a Final Fairness Hearing in this case for March 2, 2020 at which time the Court will consider whether the Settlement is fair, reasonable, and adequate and decide whether to approve: the Settlement; Class Counsel's application for attorneys' fees, costs and expenses; and the service awards to the Plaintiffs.

View original content:http://www.prnewswire.com/news-releases/proposed-settlement-reached-in-premera-data-breach-lawsuit-300908835.html

SOURCE United States District Court for the District of Oregon