US States Say Anthem Too Slow to Inform Customers of Breach

"The delay in notifying those impacted is unreasonable and is causing unnecessary added worry to an already concerned population of Anthem customers," said the letter, which was sent on Tuesday by Connecticut Attorney General George Jepsen on behalf of Connecticut and nine other states.

The letter asked the No. 2 U.S. health insurer to compensate any consumers who are victims of scams, if the fraud occurs before Anthem notifies them of the breach, and offer them free credit monitoring.

"Anthem must commit to reimbursing consumers for any losses associated with this breach during the time period between the breach and the date that the company provides access to credit and identity theft safeguards," said the letter.

Jepsen also asked Anthem to contact his office by Wednesday afternoon with details of its plans to "provide adequate protections" to consumers whose data was exposed in this breach.

The letter was written on behalf of Arkansas, Connecticut, Illinois, Kentucky, Maine, Mississippi, Nebraska, Nevada, Pennsylvania, and Rhode Island.

Anthem said on Tuesday it is committed to timely notification of consumers affected by the attack on its database and has been working with a vendor to prepare to provide credit monitoring and identity repair services to potentially millions of customers.

"We have laid out a thoughtful plan with this vendor so that they can accommodate what we anticipate will be very high demand for these services. We plan to communicate to members very soon, about how exactly they can enroll," the company said in an emailed statement.

Anthem disclosed the massive breach last week, saying that hackers accessed a database of some 80 million consumers and employees that contained Social Security numbers and other sensitive data.

On Friday the company warned US customers about an email scam targeting former and current members.

© Thomson Reuters 2015