The health insurance company behind Blue Cross-Blue Shield, Anthem, will pay almost $40 million in order to settle a cyberattack from 2015 which compromised the personal information of around 79 million people, according to officials.
On Wednesday the health insurance company announced that they have agreed to pay $39.5 million in order to settle an investigation by a number of state attorneys general. This was the last open investigation into the cybersecurity attack from 2015. The company also agreed two years ago to pay $16 million in order to settle privacy violations as a result of the attack. Hackers used spear-phishing in order to trick company insiders into revealing their usernames and passwords, which resulted in attackers gaining access to Anthem’s credentials of their administration system. The attacks also allowed the attackers to probe deep into Anthem’s systems, which contained the data of 42 million people in several states.