Breach Suit Against Aetna DismissedCourt cites lack of evidence
In May 2009, Aetna confirmed that some e-mail addresses had been copied from its job application Web site and used to send out phony e-mails. The Hartford, Conn.-based insurer offered free credit report monitoring for a year to about 65,000 individuals in case their information was breached.
The phishing e-mails appeared to be from Aetna and asked for additional personal information.
In addition, Social Security numbers and other personal information was stored on the Web site. When the insurer reported the breach, and again when the lawsuit was filed, a company spokesperson told the media that Aetna had found no evidence that any information, other than the e-mail addresses, was inappropriately accessed.
The U.S. District Court for the Eastern District of Pennsylvania earlier this month dismissed the suit filed by a former employee, Cornelius Allison, who had applied via the Web site to rejoin the insurer's staff in January 2009. He had claimed he incurred out-of-pocket expenses for additional identity theft protection services, and stated he and others affected "face a significant risk of identity theft."
Basis of decision
The court ruled that Allison's claim against the insurer was invalid because its allegation of increased risk of identity theft was "far too speculative."
The court stated that Allison presented no evidence that his personal information was inappropriately accessed, plus he never received the phishing e-mail.
"At best, the plaintiff has alleged a mere possibility of an increased risk of identity theft...and he certainly has not asserted a credible threat of identity theft," according to the ruling.