Indiana's attorney general office has filed suit against health insurer Wellpoint for delaying notification of customers of a data breach earlier this year.
Indiana law requires businesses to notify individuals potentially affected by data breaches, as well as the attorney general's office "without reasonable delay," according to a statement by Indiana AG Greg Zoeller's office.
However, the AG office alleges that data, including social security numbers, health records, and financial information for about 32,000 Indiana consumers were potentially available to the general public through an unsecured Wellpoint website for about 137 days, between October 2009 and March 2010. The data was submitted to Wellpoint from applicants seeking insurance coverage.