1
UNITED STATES DISTRICT COURT
FOR THE SOUTHERN DISTRICT OF INDIANA
INDIANAPOLIS DIVISION
AMANDA HADLEY, individually and on
behalf of all others similarly situated,
Plaintiff,
v.
ANTHEM, INC. an Indiana corporation,
Defendant.
)
)
)
)
)
)
)
)
)
No. 15-403
DEMAND FOR JURY TRIAL
PLAINTIFF’S CLASS ACTION COMPLAINT
Plaintiff Amanda Hadley (“Plaintiff”) files this Class Action Complaint (“Complaint”) on
behalf of herself and all others similarly situated, by and through the undersigned attorneys,
against Defendant Anthem, Inc. (“Defendant” or “Anthem”), which was known previously as
WellPoint, Inc., and alleges as follows upon personal knowledge as to herself and her own acts
and experiences, and, as to all other matters, upon information and belief based upon, inter alia,
investigation conducted by her attorneys.
I. NATURE OF THE ACTION
1. On February 4, 2015, Anthem revealed that it had suffered a catastrophic data
breach (“Data Breach”) of its information technology system (“Network”). Anthem is the
second largest health insurer in the United States. This was not the first time Anthem has
suffered a massive data breach, but it is the worst.
2. The hackers gained access to sensitive and confidential data entrusted to Anthem,
including full names, social security numbers/medical identification numbers, home addresses,
email addresses, employment information (including income data), dates of birth, and other
personal information (“Personally Identifying Information” or “PII”). Anthem is continuing to
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 1 of 24 PageID #: 1
2
assess the impact of the Data Breach. To date, it has been reported that the Data Breach
compromised the data of approximately 80 million current and former Anthem members,
including approximately 19 million consumers who are covered by non-Anthem Blue Cross and
Blue Shield plans, dating back to 2004.1
3. Anthem left the most sensitive PII of its consumers and employees vulnerable to
data breach and misuse because, in part, the data was unencrypted. Anthem suffered the
catastrophic Data Breach because it failed to develop, maintain, and implement sufficient
security measures on its database, particularly given the fact that its systems harbor medical and
other private data. Indeed, as discussed below, Anthem has previously been investigated for its
failure to reasonably protect PII and was subsequently the subject of a similar — though far less
massive — data breach, which resulted in a government fine, private litigation and a class action
settlement. Further, last summer, the FBI issued a warning that the health care industry might be
targeted by hackers. Nevertheless, Anthem has repeatedly failed to take these warnings to heart.
4. Anthem’s recent Data Breach also follows in the wake of a number of widely
publicized data breaches affecting companies such as Target, Home Depot, Neiman Marcus,
Community Health Systems, Inc., Michaels Stores, Jimmy Johns, Sony Pictures Entertainment,
J.P. Morgan Chase & Co., P.F. Chang’s, Staples, and others. Notwithstanding these earlier data
security incidents at Anthem and at others, Anthem failed to take adequate steps to prevent the
Data Breach from occurring.
5. Anthem’s reaction to the Data Breach has been anemic at best. It has failed to
timely notify affected employees and consumers, including Plaintiff. For a portion of affected
1 Leisa Richardson, Anthem Hack Offers Big Lessons for Business, Consumers, IndyStar (Feb. 7, 2015), available at
http://www.indystar.com/story/money/2015/03/01/anthem-hack-offers-big-lessons-business-
consumers/24084979/.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 2 of 24 PageID #: 2
3
consumers and employees, Anthem originally offered credit monitoring and identity protection
for a period of one year – a woefully deficient short-term solution to a lifelong problem.
Subsequently, Anthem increased this period to two years, but this offering remains wholly
inadequate to protect affected consumers and employees, because the Data Breach has put their
credit and identities at risk for the rest of their lives.
6. Consumers and employees face a “lifelong battle” to control the damages of their
PII being stolen by hackers, including fraudulent tax returns, stolen identities, and/or medical
identify fraud.2 Anthem’s failure to adequately protect PII has caused, and will continue to
cause, substantial customer harm and injuries to Anthem consumers and employees across the
United States.
7. Plaintiff, individually and on behalf of the Class defined below, seeks to hold
Anthem accountable for the Data Breach by ensuring that it provide adequate protection to those
affected. Plaintiff seeks relief for Anthem's breach of implied contractual obligations,
negligence, violations of certain statutes discussed infra, bailment and, alternatively, unjust
enrichment.
II. JURISDICTION AND VENUE
8. This Court has subject matter jurisdiction of this action pursuant to 28 U.S.C.
§ 1332 of the Class Action Fairness Act of 2005 because: (i) there are 100 or more class
members, (ii) there is an aggregate amount in controversy exceeding $5,000,000, exclusive of
interest and costs, and (iii) there is minimal diversity because at least one plaintiff and defendant
2 Shary Rudavsky, Anthem Data Breach Could Be “Lifelong Battle” for Customers, IndyStar (Feb. 7, 2015),
available at http://www.indystar.com/story/news/2015/02/05/anthem-data-breach-lifelong-battle-
customers/22953623/.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 3 of 24 PageID #: 3
4
are citizens of different states. This Court also has supplemental jurisdiction over the state law
claims pursuant to 28 U.S.C. § 1367.
9. This Court has personal jurisdiction over Defendant because it maintains its
principal place of business in this judicial district and division and has such minimum contacts in
this state to make this Court’s exercise of jurisdiction proper.
10. Venue is proper in this judicial district and division pursuant to 28 U.S.C. § 1391
because Defendant is headquartered in this district and division, is subject to personal
jurisdiction in this district and division, and therefore is deemed to be a citizen of this district and
division. Additionally, a substantial part of the events and/or omissions giving rise to the claims
occurred within this district and division.
III. PARTIES
11. Plaintiff Amanda Hadley is currently a resident of the State of North Carolina.
Plaintiff Hadley has medical insurance coverage through Anthem Blue Cross Blue Shield. As a
result of Plaintiff Hadley’s insurance coverage, on information and belief, Defendant Anthem
obtained, used, and stored her PII, which she expected to be safeguarded and kept confidential.
On information and belief, Plaintiff Hadley’s PII was compromised when hackers accessed
Anthem’s Network, including but not limited to her full name, current address, date of birth,
medical identification number, social security number, email address, employment information,
and income data. Plaintiff Hadley did not consent to relinquish control over her PII or allow her
PII to be publicized in providing this information to Anthem. She is greatly troubled by her loss
of control over her PII and/or publication of her PII, and believes that part of her insurance
premium was paid to ensure reasonable security of her PII. Plaintiff Hadley also feels stress over
her loss of control over her PII and/or publication of her PII, which she fears will subject her to
lifelong exposure to identity theft, medical data misuse and other repercussions.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 4 of 24 PageID #: 4
5
12. Due to the extremely problematic nature of the loss of control and/or publication
of Plaintiff Hadley’s PII, her resulting stress, and Defendant’s lack of timely notice and response
to the Data Breach, to date, Plaintiff Hadley has expended hours attempting to safeguard herself
from identity theft or other harms caused by the release of her PII as a result of the Data Breach.
Going forward, Plaintiff Hadley anticipates spending considerable time in an effort to contain the
impact of Anthem’s Data Breach as it relates to her PII that, on information and belief, is now in
the public domain.
13. Defendant Anthem is an entity incorporated in the State of Indiana with its
headquarters and principal place of business located at 120 Monument Circle in Indianapolis,
Indiana. Anthem was previously known as WellPoint, Inc., and was formed when Anthem
Insurance Company bought WellPoint Health Networks in 2004. Anthem issues securities that
are publicly traded on the New York Stock Exchange under the ticker symbol “WLP.”
IV. FACTUAL ALLEGATIONS
Anthem Has Repeatedly Failed to Reasonably Protect Consumer and Employee PII
14. In 2009, an investigation by the U.S. Department of Health and Human Services
(“HHS”) under the Health Insurance Portability and Accountability Act (“HIPAA”) found that
Anthem, doing business as WellPoint, did not adequately implement policies and procedures to
protect unsecured “electronic protected health information” covered by HIPAA.
15. In 2010, a second investigation by HHS found that WellPoint still did not
adequately implement policies and procedures to protect unsecured “electronic protected health
information” covered by HIPAA, and that names, dates of birth, addresses, Social Security
numbers, telephone numbers and health information of 612,000 WellPoint customers and
employees were disclosed as a result.
16. HHS fined Anthem approximately $1.7 million for the 2010 data breach.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 5 of 24 PageID #: 5
6
17. WellPoint’s chief information security officer at the time of the fine was Roy
Mellinger. He currently remains chief information security officer for Anthem.
18. In addition, despite Anthem’s offer of one year of credit monitoring to its insureds
as a result of the 2010 data breach, private litigation, including class action litigation, was
initiated.
Non-Financial PII has Long-Term Value on the Black Market
19. In a carefully crafted letter to Anthem members that was posted on Anthem’s
website on February 6, 2015, Anthem CEO Joseph R. Swedish emphasized that while he was not
currently aware of evidence that “credit card or medical information, such as claims, test results
or diagnostic codes” had been compromised through the Data Breach, numerous types of PII had
been compromised by it:
[A]ttackers gained unauthorized access to Anthem’s IT system and have obtained
personal information from our current and former members such as their names,
birthdays, medical IDs/social security numbers, street addresses, email addresses and
employment information, including income data.
20. As noted by Kiplinger, however, the current lack of confirmed credit card
information compromise is no reason to breathe a sigh of relief for the Class:
The truth is, you might have been better off if only card information had been stolen
because what the hackers got is potentially much more valuable: full names, birthdays,
street addresses and Social Security numbers. “They got your secret sauce,” says Neal
O’Farrell, a security and identity theft expert for Credit Sesame. “It’s as good as your
DNA to hackers.” 3
21. Moreover, the value of the non-financial PII that Anthem admits was
compromised by the Data Breach is highlighted by HIPAA’s protection of it.
3 Cameron Huddleston, How to Protect Your Kids From the Anthem Data Breach,” Kiplinger (Feb. 10, 2015),
http://www.kiplinger.com/article/credit/T048-C011-S001-how-to-protect-your-kids-from-the-anthem-data-
brea.html.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 6 of 24 PageID #: 6
7
22. Senior HHS advisor Rachel Seeger has been quoted in the media emphasizing that
names and Social Security Numbers are protected under HIPAA—even if no specific diagnostic
or treatment information is disclosed:
The personally identifiable information that HIPAA-covered health plans maintain on
enrollees and members — including names and Social Security Numbers — is protected
under HIPAA, even if no specific diagnostic or treatment information is disclosed.
23. As reported by Reuters, non-financial data “is worth 10 times more than your
credit card number on the black market.” This is because non-financial data theft is often not
immediately identified, “giving criminals years to milk such credentials.” This makes non-
financial data more valuable than credit cards, “which tend to be quickly canceled by banks once
fraud is detected.”4
24. Today, as reported by CreditCards.com, hackers are looking to steal non-financial
information so they can “continue to monetize victims’ identifies over a longer period of time.”
Specifically, “[o]nce hackers have a medical ID, they can use it to procure prescription drugs or
expensive medical equipment or simply to commit financial fraud – often for months or years
before anyone notices.”5
25. As summed up by Kiplinger:
Unlike a credit card, you can’t cancel a Social Security number, which puts you at risk of
being a lifelong victim … Thieves can use that number to steal your identity and file
fraudulent tax returns, rack up debt in your name and more.6
4 Caroline Humer and Jim Finkle, Your Medical Record is Worth More to Hackers than Your Credit Card, Reuters
(Sept. 24, 2014), http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-
idUSKCN0HJ21I20140924. 5 Cathleen McCarthy, How to Spot and Prevent Medical Identity Theft, CreditCards.com,
http://www.creditcards.com/credit-card-news/spot-prevent-medical-identity-theft-1282.php (last updated Aug. 19,
2014). 6 Huddleston, supra note 3.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 7 of 24 PageID #: 7
8
Use of Compromised Non-Financial PII is Costly to Its Owners
26. Once use of compromised non-financial PII is detected, the emotional and
economic consequences to its owners is significant. As reported by CreditCards.com:
The Ponemon Institute found that 36 percent of medical ID theft victims pay to
resolve the issue, and their out-of-pocket costs average nearly $19,000. Even if
you don't end up paying out of pocket, such usage can wreak havoc on both
medical and credit records, and clearing that up is a time-consuming headache.
That's because medical records are scattered. Unlike personal financial
information, which is consolidated and protected by credit bureaus, bits of your
medical records end up in every doctor's office and hospital you check into, every
pharmacy that fills a prescription and every facility that processes payments for
those transactions.
Anthem Was Obligated to Keep Consumer and Employee PII Reasonably Secure
27. As a health insurer, Anthem knows or should know of the risks its consumers and
employees face when their PII is misused and of the need to carefully safeguard this information,
in part because hackers breach the healthcare industry more frequently than any other segment of
the economy.7
28. Anthem’s own HIPAA Notice of Privacy Protection provides:
We are dedicated to protecting your [personal health information], and have set up a
number of policies and practices to help make sure your [personal health information] is
kept secure
…
We keep your oral, written and electronic [personal health information] safe using
physical, electronic, and procedural means. These safeguards follow federal and state
laws. Some of the ways we keep your [personal health information] safe include
securing offices that hold [personal health information], password-protecting computers,
and locking storage areas and filing cabinets. We require our employees to protect
[personal health information] through written policies and procedures. These policies
limit access to [personal health information] to only those employees who need the data
to do their job. Employees are also required to wear ID badges to help keep people who
do not belong out of areas where sensitive data is kept. Also, where required by law, our
affiliates and nonaffiliates must protect the privacy of data we share in the normal course
7 Mark Greisiger, Cyber Liability & Data Breach Insurance Claims, NetDiligence 2013, at p. 2, available at
http://www.netdiligence.com/files/CyberClaimsStudy-2013.pdf.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 8 of 24 PageID #: 8
9
of business. They are not allowed to give [personal health information] to others without
your written OK, except as allowed by law and outlined in this notice.8
29. Consumers and employees rely on health insurers such as Anthem to maintain
their sensitive health and PII to ensure it is both private and secure.
30. Anthem claims to maintain state-of-the-art information security systems to protect
its customer personal health and financial data.9
31. Yet, despite its promises, hackers were able to access millions of Anthem’s
unencrypted customers’ PII, including names, birthdays, medical IDs/social security numbers,
street addresses, email addresses and employment information, including income data.10 Further,
once hackers had gained access to Anthem’s computers, they “were able to roam around for
seven weeks inside Anthem’s computers” before Anthem noticed the breach on January 27,
2015.11
32. Anthem confirmed that all of its product lines were impacted by the Data Breach,
including Anthem Blue Cross, Blue Cross of California, Anthem Blue Cross and Blue Shield,
Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup,
Caremore, Unicare, Healthlink, and DeCare.
8 Anthem’s HIPAA notice titled, “Information that’s important to you,” located on its website at
https://www.anthem.com/health-insurance/nsecurepdf/english common 11832ANMEN (last visited February 11,
2015). 9 Kara Brandeisky, Anthem Health Insurance Was Hacked. Here’s What Customers Need to Know, Time (Feb. 5,
2015), available at http://time.com/money/3697026/anthem-data-breach-social-security/. 10
Anthem CEO Joseph R. Swedish’s statement to Anthem consumers, available at < http://www.anthemfacts.com/
(last visited February 11, 2015). See also Health Insurer Anthem Didn’t Encrypt Data Stolen – Update, The Wall
Street Journal, Feb. 5, 2015. 11
J.K. Wall, Anthem’s IT System Had Cracks Before Hack, Indianapolis Business Journal (Feb. 14, 2015),
available at http://www.ibj.com/articles/51789-anthems-it-system-had-cracks-before-hack.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 9 of 24 PageID #: 9
10
33. The hackers who breached Anthem’s records were able to access a database
containing up to 80 million current and former customers, and employees’ records.12
34. Anthem did not announce that its data systems maintaining personal, financial and
potentially health information of its customers and employees was compromised immediately.
Instead, Anthem waited to announce that its systems were compromised, and that up to 80
million consumer and employees’ records had been stolen, until February 4, 2015.
35. Before the breach, Anthem did not encrypt the data in this database, including
Social Security numbers and other PII.13 Encryption is considered the most effective way to
secure data.14 Without encryption, the hackers who accessed the information will be able to
easily access all of the PII accessed.
36. It was not until after the Data Breach, that Anthem retained Mandiant, a leading
cybersecurity firm, to evaluate Anthem’s systems and identify solutions to Anthem’s systems’
vulnerabilities.15
37. Anthem could have retained Mandiant, or another cybersecurity consultant, prior
to the Data Breach to analyze and identify solutions for its systems’ vulnerabilities, and this
could have prevented the Data Breach from occurring, or at the least minimized the amount of
information stolen from Anthem’s systems.
12
Brandeisky, supra note 9. 13
Bruce Japsen, Hackers Stole Data on 80 Million Anthem Customers. Why Wasn’t It Encrypted?, Forbes (Feb. 6,
2015), available at http://www.forbes.com/sites/brucejapsen/2015/02/06/anthem-didnt-encrypt-personal-data-and-
privacy-laws-dont-require-it/. 14
Id. 15
Anthem CEO Joseph R. Swedish’s statement to Anthem consumers, available at < http://www.anthemfacts.com/
(last visited February 11, 2015).
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 10 of 24 PageID #: 10
11
38. Indeed, Anthem and other health insurers routinely maintain consumer and
employees’ health and financial information, and have been on notice of potential cyber attacks
seeking to get consumers and employees PII.
39. In 2014, the Federal Bureau of Investigation’s cyber division warned health care
systems that cyber attacks were likely to occur after January 2015, when healthcare companies
were required to transfer from paper medical records over to electronic records.16 The FBI
pointed out that healthcare companies were more susceptible to cyber attacks, making future
attacks likely. The FBI’s report was highly publicized, being reported by such news agencies as
Reuters.17
40. Indeed, even before the full transition over to electronic medical records, other
healthcare companies were the targets of major cyber attacks. According to a SANS Analyst
Whitepaper from February 2014 titled, “Health Care Cyberthreat Report: Widespread
Compromises Detected, Compliance Nightmare on Horizon,” healthcare providers, including
insurance companies, were regular targets of cyber attacks, and particularly vulnerable to them.18
41. Anthem was aware that it needed to maintain the security of its customers’ Private
Information. In its SEC Form 10-K filings dated February 20, 2014, Anthem acknowledged that
it must maintain and upgrade its data systems to protect its customers’ data.19
16
FBI Cyber Division Private Industry Notification, April 8, 2014, available at
https://info.publicintelligence.net/FBI-HealthCareCyberIntrusions.pdf (last visited February 11, 2015). 17
Jim Finkle, Exclusive: FBI Warns Healthcare Sector Vulnerable to Cyber Attacks, Reuters (Apr. 23, 2014),
http://www.reuters.com/article/2014/04/23/us-cybersecurity-healthcare-fbi-exclusiv-idUSBREA3M1Q920140423. 18
Barbara Filkins, Health Care Cyberthreat Report, SANS, February 2014, available at http://pages.norse-
corp.com/rs/norse/images/Norse-SANS-Healthcare-Cyberthreat-Report2014.pdf (last visited February 11, 2015). 19
SEC Form 10-k Annual Report for the Year Ending December 31, 2013, available at
http://www.sec.gov/Archives/edgar/data/1156039/000115603914000003/wlp-20131231x10k.htm.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 11 of 24 PageID #: 11
12
42. Yet, despite the many warnings, Anthem’s own promises to maintain data
security, and the critical nature of maintaining the security of consumer and employees’ financial
information, Anthem did not even take steps to encrypt the sensitive PII of its customers and
employees that it maintained.
43. Anthem also did not disclose to anyone that it did not have adequate security
systems in place to keep Plaintiff and other customers’ personal, financial and health information
that Anthem maintained on its computer systems private and secure.
44. Due to Anthem’s failure to maintain the privacy and security of Plaintiff’s and
Class Members’ private personal, financial and health information, Anthem has violated the law
and breached its duties to its customers.
V. CLASS ALLEGATIONS
45. This action asserts claims on behalf of a nationwide class, and a North Carolina
subclass (together “Class”) pursuant to Federal Rules Civil Procedure 23(a), 23(b)(1), 23(b)(2),
23(b)(3), and/or 23(c)(4), which class and subclasses consist of persons who had their data stolen
from Anthem’s systems as follows:
All persons in the United State whose personal, medical or financial information was
compromised by the data breach disclosed by Anthem on February 4, 2014 (the “National
Class”).
All persons in North Carolina whose personal, medical or financial information was
compromised by the data breach disclosed by Anthem on February 4, 2015 (the “North
Carolina Subclass”).
46. Excluded from the Class are Defendant, its CEO, and the Judge(s) assigned to this
case. Plaintiff reserves the right to modify, change or expand the Class definition after
conducting discovery.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 12 of 24 PageID #: 12
13
47. Numerosity: The Class is so numerous that joinder of all members is
impracticable. Anthem has acknowledged that as many as 80 million records may have been
compromised by the Data Breach.
48. Existence and Predominance of Common Questions of Fact and Law:
Common questions of law and fact exist as to all members of the Class. These questions
predominate over the questions affecting individual Class members. These common legal and
factual questions include, but are not limited to:
A. whether Defendant's data security and retention policies were
unreasonable;
B. whether Defendant failed to protect the confidential and highly sensitive
information to which it was entrusted;
C. whether Defendant breached any legal duties in connection with the data
breach;
D. whether Defendant's conduct violated the Indiana Deceptive Consumer
Sales Act;
E. whether Defendant was negligent;
F. whether Defendant was unjustly enriched; and
G. whether Plaintiff and Class members are entitled to monetary damages
and/or other remedies and, if so, the nature of any such relief.
49. Typicality: All of Plaintiff’s claims are typical of the claims of the Class since
Plaintiff and all members of the Class had their personal, confidential, and highly sensitive
information compromised in the Data Breach announced on February 4, 2015.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 13 of 24 PageID #: 13
14
50. Adequacy: Plaintiff is an adequate representative because her interests do not
materially or irreconcilably conflict with the interests of the Class that she seeks to represent, she
has retained counsel competent and highly experienced in complex class action litigation, and
she intends to prosecute this action vigorously. The interests of the Class will be fairly and
adequately protected by Plaintiff and her counsel.
51. Superiority: A class action is superior to all other available means of fair and
efficient adjudication of the claims of Plaintiff and members of the Class. The injury suffered by
each individual Class member is relatively small in comparison to the burden and expense of
individual prosecution of the complex and extensive litigation necessitated by Defendant’s
conduct. It would be virtually impossible for members of the Class individually to effectively
redress the wrongs done to them. Even if the members of the Class could afford such individual
litigation, the court system could not. Individualized litigation presents a potential for
inconsistent or contradictory judgments. Individualized litigation increases the delay and
expense to all parties and to the court system presented by the complex legal and factual issues
of the case. By contrast, the class action device presents far fewer management difficulties, and
provides the benefits of single adjudication, economy of scale, and comprehensive supervision
by a single court. Members of the Class can be readily identified and notified based on, inter
alia, Defendant's records and databases. Indeed, Anthem claims to already be in the process of
notifying them.
52. Defendant has acted, and refused to act, on grounds generally applicable to the
Class, thereby making appropriate final relief with respect to the Class as a whole.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 14 of 24 PageID #: 14
15
FIRST CAUSE OF ACTION
NEGLIGENCE
53. Plaintiff and the Class reallege and incorporate by reference the allegations
contained in each of the preceding paragraphs of this Complaint as if fully set forth herein.
54. Defendant owed a duty to the Class to exercise reasonable care in obtaining,
securing, safeguarding, deleting and protecting Plaintiff’s and the Class’ PII within its possession
or control from being compromised, lost, stolen, accessed and misused by unauthorized persons.
This duty included, among other things, designing, maintaining and testing Anthem’s security
systems to ensure that Plaintiff’s and Class members’ PII in Anthem’s possession was
adequately secured and protected. Anthem further owed a duty to Plaintiff and the Class to
implement processes that would detect a breach of its security system in a timely manner and to
timely act upon warning and alerts including those generated by its own security systems.
55. Anthem owed a duty to Plaintiff and the members of the Class to provide security,
including consistent with of industry standards and requirements, to ensure that its systems and
networks, and the personnel responsible for them, adequately protected the PII of its consumers
and employees.
56. Anthem owed a duty of care to Plaintiff and the members of the Class because
they were foreseeable and probable victims of any inadequate security practices. Anthem knew
or should have known it had inadequately safeguarded its Network, particularly in light of its
prior breaches, as noted above, and yet Anthem failed to take reasonable precautions to
safeguard consumers and employees’ PII.
57. Anthem owed a duty to timely and accurately disclose to Plaintiff and members of
the Class that their PII had been or was reasonably believed to have been compromised. Timely
disclosure was required, appropriate and necessary so that, among other things, Plaintiff and the
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 15 of 24 PageID #: 15
16
members of the Class could take appropriate measures to avoid identify theft or fraudulent
charges, including, monitor their account information and credit reports for fraudulent activity,
contact their banks or other financial institutions, obtain credit monitoring services, file reports
with law enforcement and other governmental agencies and take other steps to mitigate or
ameliorate the damages caused by Anthem’s misconduct.
58. Plaintiff and members of the Class entrusted Anthem with their PII on the premise
and with the understanding that Anthem would safeguard their information, and Anthem was in a
position to protect against the harm suffered by Plaintiff and members of the Class as a result of
the Data Breach.
59. Anthem knew, or should have known, of the inherent risks in collecting and
storing the PII of Plaintiff and members of the Class and of the critical importance of providing
adequate security of that information.
60. Anthem’s own conduct also created a foreseeable risk of harm to Plaintiff and
members of the Class. Anthem’s misconduct included, but was not limited to, its failure to take
the steps and opportunities to prevent and stop the Data Breach as set forth herein. Anthem’s
misconduct also included its decision not to comply with industry standards for the safekeeping
and maintenance of the PII of Plaintiff and members of the Class.
61. Through its acts and omissions described herein, Anthem unlawfully breached its
duty to use reasonable care to protect and secure Plaintiff’s and the Class’ PII within its
possession or control. More specifically, Defendant failed to maintain a number of reasonable
security procedures and practices designed to protect the PII of Plaintiff and the Class, including,
but not limited to, establishing and maintaining industry-standard systems to safeguard its
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 16 of 24 PageID #: 16
17
consumers and employees’ PII. Given the risk involved and the amount of data at issue,
Anthem’s breach of its duties was entirely unreasonable.
62. Anthem breached its duties to timely and accurately disclose that Plaintiff’s and
Class members’ PII in Anthem’s possession had been or was reasonably believed to have been,
stolen or compromised.
63. As a direct and proximate result of Defendant’s breach of its duties, Plaintiff and
members of the Class have been harmed by the release of their PII, causing them to expend
personal income on credit monitoring services and putting them at an increased risk of identity
theft. Plaintiff and members of the Class have spent time and money to protect themselves as a
result of Defendant’s conduct, and will continue to be required to spend time and money
protecting themselves, their identities, their credit, and their reputations.
SECOND CAUSE OF ACTION
NEGLIGENCE PER SE
64. Plaintiff and the Class reallege and incorporate by reference the allegations
contained in the preceding paragraphs.
65. Pursuant to the Gramm-Leach-Bliley Act, 15 U.S.C. § 6801, Anthem had a duty
to keep and protect the personal information of its customers.
66. Anthem violated the Gramm-Leach-Bliley Act by failing to keep and protect
Plaintiff’s and Class members’ personal and financial information, failing to monitor, and/or
failing to ensure that Defendant complied with PCI data security standards, card association
standards, statutes and/or other regulations to protect such personal and financial information.
67. Anthem’s failure to comply with the Gramm-Leach-Bliley Act, and/or other
industry standards and regulations, constitutes negligence per se.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 17 of 24 PageID #: 17
18
68. Pursuant to HIPAA, Anthem had a duty to keep and protect the personal
information of its customers.
69. Anthem violated HIPAA by failing to keep and protect Plaintiff’s and Class
members’ personal and financial information, failing to monitor, and/or failing to ensure that
Defendant complied with PCI data security standards, statutes and/or other regulations to protect
such personal and financial information.
70. Anthem’s failure to comply with HIPAA, and/or other industry standards and
regulations, constitutes negligence per se.
THIRD CAUSE OF ACTION
BREACH OF IMPLIED CONTRACT
71. Plaintiff and the Class reallege and incorporate by reference the allegations
contained in the preceding paragraphs.
72. Anthem provided an implied contract to Plaintiff and Class members to safeguard
and protect the PII provided to it by Plaintiff and Class members when Plaintiff and Class
members provided their PII to Anthem when they purchased health insurance from Anthem (or
when health insurances was purchased from Anthem on their behalf).
73. Plaintiff and Class members would not have provided their PII to Anthem absent
Anthem’s implied promise to safeguard and protect consumer and employees’ PII.
74. Plaintiff and Class members performed all the obligations required by them under
the implied contract when they purchased health insurance from Anthem.
75. Anthem breached its implied contracts with Plaintiff and Class members by
failing to safeguard and protect the personal, financial and health information provided to it by
Plaintiff and Class members.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 18 of 24 PageID #: 18
19
76. As a direct and proximate result of Anthem’s breach of its implied contracts,
Plaintiff and Class members suffered the damages and injuries described herein.
FOURTH CAUSE OF ACTION
VIOLATION OF INDIANA DECEPTIVE CONSUMER SALES ACT
77. Plaintiff and the Class reallege and incorporate by reference the allegations
contained in the preceding paragraphs.
78. Anthem’s conduct as alleged in this Complaint violated Ind. Code § 24-5-0.5-
3(b)(1), (2), including without limitation that (a) Anthem represented that it protected its
consumers and employees’ personal, financial and medical information, but Anthem failed to
protect that sensitive information; (b) Anthem’s failure to maintain adequate computer systems
and data security practices to safeguard consumer and employees’ personal, medical, and
financial information; (c) Anthem’s failure to disclose the material fact that Anthem’s computer
systems and data security practices were inadequate to safeguard consumer and employees’
personal and financial data from theft; and (d) Anthem’s failure to disclose in a timely and
accurate manner to Plaintiff and members of the Class the material fact of the Anthem data
breach.
79. Plaintiff and Class members relied on Anthem’s misrepresentations.
80. Anthem’s deceptive acts were done as part of a scheme, artifice, or device with
intent to defraud or mislead and constitute incurable deceptive acts under Ind. Code § 24-5-0.5-1
et seq.
81. Plaintiff and Class members are entitled to the greater of damages actually
suffered or statutory damages, as well as treble damages, reasonable attorneys’ fees, costs of suit,
an ordering enjoining Anthem’s unlawful practices, and any other relief which the Court deems
proper.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 19 of 24 PageID #: 19
20
FIFTH CAUSE OF ACTION
VIOLATION OF NORTH CAROLINA IDENTITY THEFT PROTECTION ACT
82. Plaintiff realleges and incorporates by reference the allegations contained in each
of the preceding paragraphs as if fully set forth herein.
83. Plaintiff Hadley brings this cause of action on behalf of the North Carolina
Subclass.
84. Anthem is a “business” as defined by N.C. Gen. Stat. § 75-61(1).
85. Plaintiff Hadley and class members are “persons” as defined by N.C. Gen. Stat.
§ 75-61(9).
86. The PII of Anthem’s customers and employees that was compromised and
exposed in the Data Breach constitutes “personal information” as defined by N.C. Gen. Stat.
§ 75-61(10), which includes full names, Social Security numbers/medical identification numbers,
employment information (including income data), dates of birth, and other personal information.
87. The breach of the PII of thousands of Anthem’s customers and employees was a
“security breach” of Anthem as defined by N.C. Gen. Stat. § 76-61(14).
88. Under N.C. Gen. Stat. § 75-65, Anthem was required to disclose any breach of the
security of its system following discovery or notification of the breach to the Consumer
Protection Division of the Attorney General’s Office and any affected resident of North Carolina
without unreasonable delay.
89. In violation of N.C. Gen. Stat. § 75-65, Anthem unreasonably delayed informing
North Carolina Subclass members about the breach of their personal information, and failed to
disclose to North Carolina Subclass members without unreasonable delay that their unencrypted,
or not properly and not securely encrypted, personal information had been breached.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 20 of 24 PageID #: 20
21
90. Upon information and belief, no law enforcement agency instructed Anthem that
notification to North Carolina Subclass members would impede an investigation.
91. As a result of Anthem’s violation of N.C. Gen. Stat. § 75-65, North Carolina
Subclass members have incurred and will incur economic damages to money or property,
including but not necessarily limited to: (1) the diminution in the value of their PII entrusted to
Anthem for the purpose of deriving services and/or employment from Anthem and with the
understanding that Anthem would safeguard their PII against theft and not allow access and
misuse of their PII by others; (2) out-of-pocket costs associated with the prevention, detection,
and recovery from identity theft and/or unauthorized use of financial and medical accounts; (3)
lost opportunity costs associated with effort extended and the loss of productivity from
addressing and attempting to mitigate the actual and future consequences of the breach, including
but not limited to efforts spent researching how to prevent, detect, contest and recover from
identity and health care/medical data misuse; (4) costs associated with the ability to use credit
and assets frozen or flagged due to credit misuse, including increased costs to use credit, credit
scores, credit reports and assets; and (5) tax fraud and/or other unauthorized charges to financial,
health care or medical accounts and associated lack of access to funds while proper information
is confirmed and corrected.
92. Plaintiff further requests that the Court order Anthem to (1) identify and notify all
members of the class who have not yet been informed of the Data Breach; and (2) notify affected
current and former employees of any future data breaches by email within 24 hours of Anthem’s
discovery of a breach or possible breach and by mail within 72 hours.
93. Plaintiff Hadley, individually and on behalf of the North Carolina Subclass, seeks
all remedies available under N.C. Gen. Stat. § 75-16, including but not limited to damages and
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 21 of 24 PageID #: 21
22
equitable relief. Plaintiff also seeks reasonable attorneys’ fees and costs under applicable law
including Federal Rule of Civil Procedure 23.
SIXTH CAUSE OF ACTION
UNJUST ENRICHMENT
94. Plaintiff and the Class reallege and incorporate by reference the allegations
contained in the preceding paragraphs.
95. Plaintiff and Class members conferred a monetary benefit on Anthem in the form
of monies paid for the purchase of health insurance from Anthem during the period of the
Anthem data breach.
96. The monies paid by the Plaintiff and Class were supposed to be used by Anthem,
in part, to pay for the administrative and other costs of providing reasonable data security and
protection to Plaintiff and Class members.
97. Anthem failed to provide reasonable security, safeguards, and protections to the
personal, medical, and financial information of Plaintiff and Class members, and as a result the
Plaintiff and Class overpaid Anthem for the health insurance they purchased.
98. Under principles of equity and good conscience, Anthem should not be permitted
to retain the money belonging to Plaintiff and Class members because Anthem failed to provide
adequate safeguards and security measures to protect Plaintiff’s and Class members’ personal,
medical, and financial information that they paid for but did not receive.
99. Anthem wrongfully accepted and retained these benefits to the detriment of
Plaintiff and Class members.
100. Anthem’s enrichment at the expense of Plaintiff and Class members is and was
unjust.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 22 of 24 PageID #: 22
23
101. As a result of Anthem’s wrongful conduct, as alleged above, Plaintiff and the
Class are entitled to restitution and disgorgement of profits, benefits, and other compensation
obtained by Anthem, plus attorneys’ fees, costs, and interest thereon.
PRAYER FOR RELIEF
WHEREFORE, Plaintiff, on behalf of herself and all members of the Class, requests the
following relief:
A. An order certifying that this action is properly brought and may be maintained as
a class action, that Plaintiff Amanda Hadley be appointed a Class Representatives for the
National Class and North Carolina Subclass, and that Plaintiff’s counsel be appointed Counsel
for the National Class and North Carolina Subclass.
B. Awarding compensatory damages in an amount determined at trial for each Cause
of Action asserted herein for which these damages are available.
C. Awarding restitution in an amount determined at trial for each Cause of Action
asserted herein for which this relief is available.
D. An order enjoining Defendants from continuing the unlawful practices as set forth
herein, and directing Defendants to identify, with Court supervision, victims of their conduct and
pay them restitution.
E. Awarding interest on the monies wrongfully obtained from the date of collection
through the date of entry of judgment in this action.
F. An order awarding Plaintiff her costs of suit, including reasonable attorneys’ fees
and pre and post-judgment interest, as provided by law, or equity, or as otherwise available.
G. Such other and further relief as may be available as part of the statutory claims
asserted herein, or otherwise as may be deemed necessary or appropriate for any of the claims
asserted.
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 23 of 24 PageID #: 23
24
JURY DEMAND
Plaintiff requests a trial by jury of all claims that can so be tried.
RESPECTFULLY SUBMITTED this 10th day of March, 2015.
MATTINGLY BURKE COHEN
BIDERMAN LLP
By: /s/ Sean P. Burke
Hamish S. Cohen, #22931-53
Sean P. Burke, #26995-49
3646 N. Washington Blvd.
Indianapolis, IN 46205
Tel: (317) 614-7320
KELLER ROHRBACK L.L.P.
Lynn Lincoln Sarko, pro hac vice forthcoming
Gretchen Freeman Cappio, pro hac vice
forthcoming
Cari Campen Laufenberg, pro hac vice
forthcoming
1201 Third Avenue, Suite 3200
Seattle, WA 98101-3052
Tel: (206) 623-1900
Fax: (206) 623-3384
Attorneys for Plaintiff
Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 Page 24 of 24 PageID #: 24
JS 44 (Rev. 12/12) CIVIL COVER SHEETThe JS 44 civil cover sheet and the information contained herein neither replace nor supplement the filing and service of pleadings or other papers as required by law, except asprovided by local rules of court. This form, approved by the Judicial Conference of the United States in September 1974, is required for the use of the Clerk of Court for thepurpose of initiating the civil docket sheet. (SEE INSTRUCTIONS ON NEXT PAGE OF THIS FORM.)
I. (a) PLAINTIFFS DEFENDANTS
(b) County of Residence of First Listed Plaintiff County of Residence of First Listed Defendant(EXCEPT IN U.S. PLAINTIFF CASES) (IN U.S. PLAINTIFF CASES ONLY)
NOTE: IN LAND CONDEMNATION CASES, USE THE LOCATION OF THE TRACT OF LAND INVOLVED.
(c) Attorneys (Firm Name, Address, and Telephone Number) Attorneys (If Known)
II. BASIS OF JURISDICTION (Place an “X” in One Box Only) III. CITIZENSHIP OF PRINCIPAL PARTIES (Place an “X” in One Box for Plaintiff(For Diversity Cases Only) and One Box for Defendant)
’ 1 U.S. Government ’ 3 Federal Question PTF DEF PTF DEFPlaintiff (U.S. Government Not a Party) Citizen of This State ’ 1 ’ 1 Incorporated or Principal Place ’ 4 ’ 4
of Business In This State
’ 2 U.S. Government ’ 4 Diversity Citizen of Another State ’ 2 ’ 2 Incorporated and Principal Place ’ 5 ’ 5Defendant (Indicate Citizenship of Parties in Item III) of Business In Another State
Citizen or Subject of a ’ 3 ’ 3 Foreign Nation ’ 6 ’ 6 Foreign Country
IV. NATURE OF SUIT (Place an “X” in One Box Only)CONTRACT TORTS FORFEITURE/PENALTY BANKRUPTCY OTHER STATUTES
’ 110 Insurance PERSONAL INJURY PERSONAL INJURY ’ 625 Drug Related Seizure ’ 422 Appeal 28 USC 158 ’ 375 False Claims Act’ 120 Marine ’ 310 Airplane ’ 365 Personal Injury - of Property 21 USC 881 ’ 423 Withdrawal ’ 400 State Reapportionment’ 130 Miller Act ’ 315 Airplane Product Product Liability ’ 690 Other 28 USC 157 ’ 410 Antitrust’ 140 Negotiable Instrument Liability ’ 367 Health Care/ ’ 430 Banks and Banking’ 150 Recovery of Overpayment ’ 320 Assault, Libel & Pharmaceutical PROPERTY RIGHTS ’ 450 Commerce
& Enforcement of Judgment Slander Personal Injury ’ 820 Copyrights ’ 460 Deportation’ 151 Medicare Act ’ 330 Federal Employers’ Product Liability ’ 830 Patent ’ 470 Racketeer Influenced and’ 152 Recovery of Defaulted Liability ’ 368 Asbestos Personal ’ 840 Trademark Corrupt Organizations
Student Loans ’ 340 Marine Injury Product ’ 480 Consumer Credit (Excludes Veterans) ’ 345 Marine Product Liability LABOR SOCIAL SECURITY ’ 490 Cable/Sat TV
’ 153 Recovery of Overpayment Liability PERSONAL PROPERTY ’ 710 Fair Labor Standards ’ 861 HIA (1395ff) ’ 850 Securities/Commodities/ of Veteran’s Benefits ’ 350 Motor Vehicle ’ 370 Other Fraud Act ’ 862 Black Lung (923) Exchange
’ 160 Stockholders’ Suits ’ 355 Motor Vehicle ’ 371 Truth in Lending ’ 720 Labor/Management ’ 863 DIWC/DIWW (405(g)) ’ 890 Other Statutory Actions’ 190 Other Contract Product Liability ’ 380 Other Personal Relations ’ 864 SSID Title XVI ’ 891 Agricultural Acts’ 195 Contract Product Liability ’ 360 Other Personal Property Damage ’ 740 Railway Labor Act ’ 865 RSI (405(g)) ’ 893 Environmental Matters’ 196 Franchise Injury ’ 385 Property Damage ’ 751 Family and Medical ’ 895 Freedom of Information
’ 362 Personal Injury - Product Liability Leave Act Act Medical Malpractice ’ 790 Other Labor Litigation ’ 896 Arbitration
REAL PROPERTY CIVIL RIGHTS PRISONER PETITIONS ’ 791 Employee Retirement FEDERAL TAX SUITS ’ 899 Administrative Procedure’ 210 Land Condemnation ’ 440 Other Civil Rights Habeas Corpus: Income Security Act ’ 870 Taxes (U.S. Plaintiff Act/Review or Appeal of ’ 220 Foreclosure ’ 441 Voting ’ 463 Alien Detainee or Defendant) Agency Decision’ 230 Rent Lease & Ejectment ’ 442 Employment ’ 510 Motions to Vacate ’ 871 IRS—Third Party ’ 950 Constitutionality of’ 240 Torts to Land ’ 443 Housing/ Sentence 26 USC 7609 State Statutes’ 245 Tort Product Liability Accommodations ’ 530 General’ 290 All Other Real Property ’ 445 Amer. w/Disabilities - ’ 535 Death Penalty IMMIGRATION
Employment Other: ’ 462 Naturalization Application’ 446 Amer. w/Disabilities - ’ 540 Mandamus & Other ’ 465 Other Immigration
Other ’ 550 Civil Rights Actions’ 448 Education ’ 555 Prison Condition
’ 560 Civil Detainee - Conditions of Confinement
V. ORIGIN (Place an “X” in One Box Only)
’ 1 OriginalProceeding
’ 2 Removed fromState Court
’ 3 Remanded fromAppellate Court
’ 4 Reinstated orReopened
’ 5 Transferred fromAnother District(specify)
’ 6 MultidistrictLitigation
VI. CAUSE OF ACTION
Cite the U.S. Civil Statute under which you are filing (Do not cite jurisdictional statutes unless diversity): Brief description of cause:
VII. REQUESTED IN COMPLAINT:
’ CHECK IF THIS IS A CLASS ACTIONUNDER RULE 23, F.R.Cv.P.
DEMAND $ CHECK YES only if demanded in complaint:JURY DEMAND: ’ Yes ’ No
VIII. RELATED CASE(S) IF ANY (See instructions):
JUDGE DOCKET NUMBERDATE SIGNATURE OF ATTORNEY OF RECORD
FOR OFFICE USE ONLY
RECEIPT # AMOUNT APPLYING IFP JUDGE MAG. JUDGE
Case 1:15-cv-00403-SEB-TAB Document 1-1 Filed 03/10/15 Page 1 of 2 PageID #: 25
Failure to safeguard consumer and employee information
3/10/2015
Marion County, Indiana
Class Action Fairness Act, 28 USC 1332
AMANDA HADLEY, individually and on behalf of all others similarlysituated
North Carolina
/s/ Sean Burke
Sean Burke, Hamish Cohen, Mattingly Burke Cohen Biederman LLP,3646 N. Washington Blvd., Indianapolis, IN 46205, 317-614-7320,[email protected]; [email protected]
Anthem, Inc.
JS 44 Reverse (Rev. 12/12)
INSTRUCTIONS FOR ATTORNEYS COMPLETING CIVIL COVER SHEET FORM JS 44
Authority For Civil Cover Sheet
The JS 44 civil cover sheet and the information contained herein neither replaces nor supplements the filings and service of pleading or other papers asrequired by law, except as provided by local rules of court. This form, approved by the Judicial Conference of the United States in September 1974, isrequired for the use of the Clerk of Court for the purpose of initiating the civil docket sheet. Consequently, a civil cover sheet is submitted to the Clerk ofCourt for each civil complaint filed. The attorney filing a case should complete the form as follows:
I.(a) Plaintiffs-Defendants. Enter names (last, first, middle initial) of plaintiff and defendant. If the plaintiff or defendant is a government agency, use only the full name or standard abbreviations. If the plaintiff or defendant is an official within a government agency, identify first the agency and then the official, giving both name and title.
(b) County of Residence. For each civil case filed, except U.S. plaintiff cases, enter the name of the county where the first listed plaintiff resides at the time of filing. In U.S. plaintiff cases, enter the name of the county in which the first listed defendant resides at the time of filing. (NOTE: In land condemnation cases, the county of residence of the "defendant" is the location of the tract of land involved.)
(c) Attorneys. Enter the firm name, address, telephone number, and attorney of record. If there are several attorneys, list them on an attachment, notingin this section "(see attachment)".
II. Jurisdiction. The basis of jurisdiction is set forth under Rule 8(a), F.R.Cv.P., which requires that jurisdictions be shown in pleadings. Place an "X" in one of the boxes. If there is more than one basis of jurisdiction, precedence is given in the order shown below.United States plaintiff. (1) Jurisdiction based on 28 U.S.C. 1345 and 1348. Suits by agencies and officers of the United States are included here.United States defendant. (2) When the plaintiff is suing the United States, its officers or agencies, place an "X" in this box.Federal question. (3) This refers to suits under 28 U.S.C. 1331, where jurisdiction arises under the Constitution of the United States, an amendment to the Constitution, an act of Congress or a treaty of the United States. In cases where the U.S. is a party, the U.S. plaintiff or defendant code takes precedence, and box 1 or 2 should be marked.Diversity of citizenship. (4) This refers to suits under 28 U.S.C. 1332, where parties are citizens of different states. When Box 4 is checked, the citizenship of the different parties must be checked. (See Section III below; NOTE: federal question actions take precedence over diversity cases.)
III. Residence (citizenship) of Principal Parties. This section of the JS 44 is to be completed if diversity of citizenship was indicated above. Mark thissection for each principal party.
IV. Nature of Suit. Place an "X" in the appropriate box. If the nature of suit cannot be determined, be sure the cause of action, in Section VI below, is sufficient to enable the deputy clerk or the statistical clerk(s) in the Administrative Office to determine the nature of suit. If the cause fits more than one nature of suit, select the most definitive.
V. Origin. Place an "X" in one of the six boxes.Original Proceedings. (1) Cases which originate in the United States district courts.Removed from State Court. (2) Proceedings initiated in state courts may be removed to the district courts under Title 28 U.S.C., Section 1441. When the petition for removal is granted, check this box.Remanded from Appellate Court. (3) Check this box for cases remanded to the district court for further action. Use the date of remand as the filing date.Reinstated or Reopened. (4) Check this box for cases reinstated or reopened in the district court. Use the reopening date as the filing date.Transferred from Another District. (5) For cases transferred under Title 28 U.S.C. Section 1404(a). Do not use this for within district transfers or multidistrict litigation transfers.Multidistrict Litigation. (6) Check this box when a multidistrict case is transferred into the district under authority of Title 28 U.S.C. Section 1407. When this box is checked, do not check (5) above.
VI. Cause of Action. Report the civil statute directly related to the cause of action and give a brief description of the cause. Do not cite jurisdictional statutes unless diversity. Example: U.S. Civil Statute: 47 USC 553 Brief Description: Unauthorized reception of cable service
VII. Requested in Complaint. Class Action. Place an "X" in this box if you are filing a class action under Rule 23, F.R.Cv.P.Demand. In this space enter the actual dollar amount being demanded or indicate other demand, such as a preliminary injunction.Jury Demand. Check the appropriate box to indicate whether or not a jury is being demanded.
VIII. Related Cases. This section of the JS 44 is used to reference related pending cases, if any. If there are related pending cases, insert the docket numbers and the corresponding judge names for such cases.
Date and Attorney Signature. Date and sign the civil cover sheet.
Case 1:15-cv-00403-SEB-TAB Document 1-1 Filed 03/10/15 Page 2 of 2 PageID #: 26
AO 440 (Rev. 06/12) Summons in a Civil Action
UNITED STATES DISTRICT COURTfor the
__________ District of __________
))))))))))))
Plaintiff(s)
v. Civil Action No.
Defendant(s)
SUMMONS IN A CIVIL ACTION
To: (Defendant’s name and address)
A lawsuit has been filed against you.
Within 21 days after service of this summons on you (not counting the day you received it) — or 60 days if youare the United States or a United States agency, or an officer or employee of the United States described in Fed. R. Civ.P. 12 (a)(2) or (3) — you must serve on the plaintiff an answer to the attached complaint or a motion under Rule 12 ofthe Federal Rules of Civil Procedure. The answer or motion must be served on the plaintiff or plaintiff’s attorney,whose name and address are:
If you fail to respond, judgment by default will be entered against you for the relief demanded in the complaint. You also must file your answer or motion with the court.
CLERK OF COURT
Date:Signature of Clerk or Deputy Clerk
Case 1:15-cv-00403-SEB-TAB Document 1-2 Filed 03/10/15 Page 1 of 2 PageID #: 27
Hamish S. CohenSean P. BurkeMattingly Burke Cohen & Biederman, LLP3646 Washington Blvd.Indianapolis, Indiana 46205
Anthem, Inc.C/o Kathleen S. Kiefer, its registered agent120 Monument CircleIndianapolis, Indiana 46204
15-cv-405
AMANDA HADLEY, individually and on behalf of allothers similarly situated
Anthem, Inc. an Indiana Corporation
Southern District of Indiana
AO 440 (Rev. 06/12) Summons in a Civil Action (Page 2)
Civil Action No.
PROOF OF SERVICE
(This section should not be filed with the court unless required by Fed. R. Civ. P. 4 (l))
This summons for (name of individual and title, if any)
was received by me on (date) .
’ I personally served the summons on the individual at (place)
on (date) ; or
’ I left the summons at the individual’s residence or usual place of abode with (name)
, a person of suitable age and discretion who resides there,
on (date) , and mailed a copy to the individual’s last known address; or
’ I served the summons on (name of individual) , who is
designated by law to accept service of process on behalf of (name of organization)
on (date) ; or
’ I returned the summons unexecuted because ; or
’ Other (specify):
.
My fees are $ for travel and $ for services, for a total of $ .
I declare under penalty of perjury that this information is true.
Date:Server’s signature
Printed name and title
Server’s address
Additional information regarding attempted service, etc:
Case 1:15-cv-00403-SEB-TAB Document 1-2 Filed 03/10/15 Page 2 of 2 PageID #: 28
15-cv-405
0