State Sues WellPoint Over Data Breach

State Says Company Took Too Long To Inform Customers

The attorney general's office is suing health insurance giant WellPoint Inc. for $300,000 for waiting months to notify customers that their medical records, credit card numbers and other sensitive information may have been exposed online.

The lawsuit filed Friday in Marion County accuses WellPoint of violating a state law that requires businesses to provide notification of data breaches in a timely manner.

State officials said the personal records were exposed for at least 137 days between last October and March. The suit alleges WellPoint learned of the problem Feb. 22 but didn't start notifying customers until June.

WellPoint has said 470,000 individual insurance customers might have been affected.

In a statement Friday, the company said it has worked extensively to ensure customers were not victimized.

"Anthem Blue Cross and Blue Shield is committed to protecting the privacy and security of our members' and applicants' personal information, in accordance with all applicable laws and regulations," said spokesman Tony Felts. "As soon as the situation was discovered, we made the necessary security changes to prevent it from happening again."