united states district court for the southern district of indiana …1... · · 2015-03-231...

1

UNITED STATES DISTRICT COURT

FOR THE SOUTHERN DISTRICT OF INDIANA

INDIANAPOLIS DIVISION

AMANDA HADLEY, individually and on

behalf of all others similarly situated,

Plaintiff,

v.

ANTHEM, INC. an Indiana corporation,

Defendant.

)

)

)

)

)

)

)

)

)

No. 15-403

DEMAND FOR JURY TRIAL

PLAINTIFF’S CLASS ACTION COMPLAINT

Plaintiff Amanda Hadley (“Plaintiff”) files this Class Action Complaint (“Complaint”) on

behalf of herself and all others similarly situated, by and through the undersigned attorneys,

against Defendant Anthem, Inc. (“Defendant” or “Anthem”), which was known previously as

WellPoint, Inc., and alleges as follows upon personal knowledge as to herself and her own acts

and experiences, and, as to all other matters, upon information and belief based upon, inter alia,

investigation conducted by her attorneys.

I. NATURE OF THE ACTION

1. On February 4, 2015, Anthem revealed that it had suffered a catastrophic data

breach (“Data Breach”) of its information technology system (“Network”). Anthem is the

second largest health insurer in the United States. This was not the first time Anthem has

suffered a massive data breach, but it is the worst.

2. The hackers gained access to sensitive and confidential data entrusted to Anthem,

including full names, social security numbers/medical identification numbers, home addresses,

email addresses, employment information (including income data), dates of birth, and other

personal information (“Personally Identifying Information” or “PII”). Anthem is continuing to

Case 1:15-cv-00403-SEB-TAB Document 1 Filed 03/10/15 of 24 PageID #: 1

2

assess the impact of the Data Breach. To date, it has been reported that the Data Breach

compromised the data of approximately 80 million current and former Anthem members,

including approximately 19 million consumers who are covered by non-Anthem Blue Cross and

Blue Shield plans, dating back to 2004.1

3. Anthem left the most sensitive PII of its consumers and employees vulnerable to

data breach and misuse because, in part, the data was unencrypted. Anthem suffered the

catastrophic Data Breach because it failed to develop, maintain, and implement sufficient

security measures on its database, particularly given the fact that its systems harbor medical and

other private data. Indeed, as discussed below, Anthem has previously been investigated for its

failure to reasonably protect PII and was subsequently the subject of a similar — though far less

massive — data breach, which resulted in a government fine, private litigation and a class action

settlement. Further, last summer, the FBI issued a warning that the health care industry might be

targeted by hackers. Nevertheless, Anthem has repeatedly failed to take these warnings to heart.

4. Anthem’s recent Data Breach also follows in the wake of a number of widely

publicized data breaches affecting companies such as Target, Home Depot, Neiman Marcus,

Community Health Systems, Inc., Michaels Stores, Jimmy Johns, Sony Pictures Entertainment,

J.P. Morgan Chase & Co., P.F. Chang’s, Staples, and others. Notwithstanding these earlier data

security incidents at Anthem and at others, Anthem failed to take adequate steps to prevent the

Data Breach from occurring.

5. Anthem’s reaction to the Data Breach has been anemic at best. It has failed to

timely notify affected employees and consumers, including Plaintiff. For a portion of affected

1 Leisa Richardson, Anthem Hack Offers Big Lessons for Business, Consumers, IndyStar (Feb. 7, 2015), available at

http://www.indystar.com/story/money/2015/03/01/anthem-hack-offers-big-lessons-business-

consumers/24084979/.


3

consumers and employees, Anthem originally offered credit monitoring and identity protection

for a period of one year – a woefully deficient short-term solution to a lifelong problem.

Subsequently, Anthem increased this period to two years, but this offering remains wholly

inadequate to protect affected consumers and employees, because the Data Breach has put their

credit and identities at risk for the rest of their lives.

6. Consumers and employees face a “lifelong battle” to control the damages of their

PII being stolen by hackers, including fraudulent tax returns, stolen identities, and/or medical

identify fraud.2 Anthem’s failure to adequately protect PII has caused, and will continue to

cause, substantial customer harm and injuries to Anthem consumers and employees across the

United States.

7. Plaintiff, individually and on behalf of the Class defined below, seeks to hold

Anthem accountable for the Data Breach by ensuring that it provide adequate protection to those

affected. Plaintiff seeks relief for Anthem's breach of implied contractual obligations,

negligence, violations of certain statutes discussed infra, bailment and, alternatively, unjust

enrichment.

II. JURISDICTION AND VENUE

8. This Court has subject matter jurisdiction of this action pursuant to 28 U.S.C.

§ 1332 of the Class Action Fairness Act of 2005 because: (i) there are 100 or more class

members, (ii) there is an aggregate amount in controversy exceeding $5,000,000, exclusive of

interest and costs, and (iii) there is minimal diversity because at least one plaintiff and defendant

2 Shary Rudavsky, Anthem Data Breach Could Be “Lifelong Battle” for Customers, IndyStar (Feb. 7, 2015),

available at http://www.indystar.com/story/news/2015/02/05/anthem-data-breach-lifelong-battle-

customers/22953623/.


4

are citizens of different states. This Court also has supplemental jurisdiction over the state law

claims pursuant to 28 U.S.C. § 1367.

9. This Court has personal jurisdiction over Defendant because it maintains its

principal place of business in this judicial district and division and has such minimum contacts in

this state to make this Court’s exercise of jurisdiction proper.

10. Venue is proper in this judicial district and division pursuant to 28 U.S.C. § 1391

because Defendant is headquartered in this district and division, is subject to personal

jurisdiction in this district and division, and therefore is deemed to be a citizen of this district and

division. Additionally, a substantial part of the events and/or omissions giving rise to the claims

occurred within this district and division.

III. PARTIES

11. Plaintiff Amanda Hadley is currently a resident of the State of North Carolina.

Plaintiff Hadley has medical insurance coverage through Anthem Blue Cross Blue Shield. As a

result of Plaintiff Hadley’s insurance coverage, on information and belief, Defendant Anthem

obtained, used, and stored her PII, which she expected to be safeguarded and kept confidential.

On information and belief, Plaintiff Hadley’s PII was compromised when hackers accessed

Anthem’s Network, including but not limited to her full name, current address, date of birth,

medical identification number, social security number, email address, employment information,

and income data. Plaintiff Hadley did not consent to relinquish control over her PII or allow her

PII to be publicized in providing this information to Anthem. She is greatly troubled by her loss

of control over her PII and/or publication of her PII, and believes that part of her insurance

premium was paid to ensure reasonable security of her PII. Plaintiff Hadley also feels stress over

her loss of control over her PII and/or publication of her PII, which she fears will subject her to

lifelong exposure to identity theft, medical data misuse and other repercussions.


5

12. Due to the extremely problematic nature of the loss of control and/or publication

of Plaintiff Hadley’s PII, her resulting stress, and Defendant’s lack of timely notice and response

to the Data Breach, to date, Plaintiff Hadley has expended hours attempting to safeguard herself

from identity theft or other harms caused by the release of her PII as a result of the Data Breach.

Going forward, Plaintiff Hadley anticipates spending considerable time in an effort to contain the

impact of Anthem’s Data Breach as it relates to her PII that, on information and belief, is now in

the public domain.

13. Defendant Anthem is an entity incorporated in the State of Indiana with its

headquarters and principal place of business located at 120 Monument Circle in Indianapolis,

Indiana. Anthem was previously known as WellPoint, Inc., and was formed when Anthem

Insurance Company bought WellPoint Health Networks in 2004. Anthem issues securities that

are publicly traded on the New York Stock Exchange under the ticker symbol “WLP.”

IV. FACTUAL ALLEGATIONS

Anthem Has Repeatedly Failed to Reasonably Protect Consumer and Employee PII

14. In 2009, an investigation by the U.S. Department of Health and Human Services

(“HHS”) under the Health Insurance Portability and Accountability Act (“HIPAA”) found that

Anthem, doing business as WellPoint, did not adequately implement policies and procedures to

protect unsecured “electronic protected health information” covered by HIPAA.

15. In 2010, a second investigation by HHS found that WellPoint still did not

adequately implement policies and procedures to protect unsecured “electronic protected health

information” covered by HIPAA, and that names, dates of birth, addresses, Social Security

numbers, telephone numbers and health information of 612,000 WellPoint customers and

employees were disclosed as a result.

16. HHS fined Anthem approximately $1.7 million for the 2010 data breach.


6

17. WellPoint’s chief information security officer at the time of the fine was Roy

Mellinger. He currently remains chief information security officer for Anthem.

18. In addition, despite Anthem’s offer of one year of credit monitoring to its insureds

as a result of the 2010 data breach, private litigation, including class action litigation, was

initiated.

Non-Financial PII has Long-Term Value on the Black Market

19. In a carefully crafted letter to Anthem members that was posted on Anthem’s

website on February 6, 2015, Anthem CEO Joseph R. Swedish emphasized that while he was not

currently aware of evidence that “credit card or medical information, such as claims, test results

or diagnostic codes” had been compromised through the Data Breach, numerous types of PII had

been compromised by it:

[A]ttackers gained unauthorized access to Anthem’s IT system and have obtained

personal information from our current and former members such as their names,

birthdays, medical IDs/social security numbers, street addresses, email addresses and

employment information, including income data.

20. As noted by Kiplinger, however, the current lack of confirmed credit card

information compromise is no reason to breathe a sigh of relief for the Class:

The truth is, you might have been better off if only card information had been stolen

because what the hackers got is potentially much more valuable: full names, birthdays,

street addresses and Social Security numbers. “They got your secret sauce,” says Neal

O’Farrell, a security and identity theft expert for Credit Sesame. “It’s as good as your

DNA to hackers.” 3

21. Moreover, the value of the non-financial PII that Anthem admits was

compromised by the Data Breach is highlighted by HIPAA’s protection of it.

3 Cameron Huddleston, How to Protect Your Kids From the Anthem Data Breach,” Kiplinger (Feb. 10, 2015),

http://www.kiplinger.com/article/credit/T048-C011-S001-how-to-protect-your-kids-from-the-anthem-data-

brea.html.


7

22. Senior HHS advisor Rachel Seeger has been quoted in the media emphasizing that

names and Social Security Numbers are protected under HIPAA—even if no specific diagnostic

or treatment information is disclosed:

The personally identifiable information that HIPAA-covered health plans maintain on

enrollees and members — including names and Social Security Numbers — is protected

under HIPAA, even if no specific diagnostic or treatment information is disclosed.

23. As reported by Reuters, non-financial data “is worth 10 times more than your

credit card number on the black market.” This is because non-financial data theft is often not

immediately identified, “giving criminals years to milk such credentials.” This makes non-

financial data more valuable than credit cards, “which tend to be quickly canceled by banks once

fraud is detected.”4

24. Today, as reported by CreditCards.com, hackers are looking to steal non-financial

information so they can “continue to monetize victims’ identifies over a longer period of time.”

Specifically, “[o]nce hackers have a medical ID, they can use it to procure prescription drugs or

expensive medical equipment or simply to commit financial fraud – often for months or years

before anyone notices.”5

25. As summed up by Kiplinger:

Unlike a credit card, you can’t cancel a Social Security number, which puts you at risk of

being a lifelong victim … Thieves can use that number to steal your identity and file

fraudulent tax returns, rack up debt in your name and more.6

4 Caroline Humer and Jim Finkle, Your Medical Record is Worth More to Hackers than Your Credit Card, Reuters

(Sept. 24, 2014), http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-

idUSKCN0HJ21I20140924. 5 Cathleen McCarthy, How to Spot and Prevent Medical Identity Theft, CreditCards.com,

http://www.creditcards.com/credit-card-news/spot-prevent-medical-identity-theft-1282.php (last updated Aug. 19,

2014). 6 Huddleston, supra note 3.


8

Use of Compromised Non-Financial PII is Costly to Its Owners

26. Once use of compromised non-financial PII is detected, the emotional and

economic consequences to its owners is significant. As reported by CreditCards.com:

The Ponemon Institute found that 36 percent of medical ID theft victims pay to

resolve the issue, and their out-of-pocket costs average nearly $19,000. Even if

you don't end up paying out of pocket, such usage can wreak havoc on both

medical and credit records, and clearing that up is a time-consuming headache.

That's because medical records are scattered. Unlike personal financial

information, which is consolidated and protected by credit bureaus, bits of your

medical records end up in every doctor's office and hospital you check into, every

pharmacy that fills a prescription and every facility that processes payments for

those transactions.

Anthem Was Obligated to Keep Consumer and Employee PII Reasonably Secure

27. As a health insurer, Anthem knows or should know of the risks its consumers and

employees face when their PII is misused and of the need to carefully safeguard this information,

in part because hackers breach the healthcare industry more frequently than any other segment of

the economy.7

28. Anthem’s own HIPAA Notice of Privacy Protection provides:

We are dedicated to protecting your [personal health information], and have set up a

number of policies and practices to help make sure your [personal health information] is

kept secure

…

We keep your oral, written and electronic [personal health information] safe using

physical, electronic, and procedural means. These safeguards follow federal and state

laws. Some of the ways we keep your [personal health information] safe include

securing offices that hold [personal health information], password-protecting computers,

and locking storage areas and filing cabinets. We require our employees to protect

[personal health information] through written policies and procedures. These policies

limit access to [personal health information] to only those employees who need the data

to do their job. Employees are also required to wear ID badges to help keep people who

do not belong out of areas where sensitive data is kept. Also, where required by law, our

affiliates and nonaffiliates must protect the privacy of data we share in the normal course

7 Mark Greisiger, Cyber Liability & Data Breach Insurance Claims, NetDiligence 2013, at p. 2, available at

http://www.netdiligence.com/files/CyberClaimsStudy-2013.pdf.


9

of business. They are not allowed to give [personal health information] to others without

your written OK, except as allowed by law and outlined in this notice.8

29. Consumers and employees rely on health insurers such as Anthem to maintain

their sensitive health and PII to ensure it is both private and secure.

30. Anthem claims to maintain state-of-the-art information security systems to protect

its customer personal health and financial data.9

31. Yet, despite its promises, hackers were able to access millions of Anthem’s

unencrypted customers’ PII, including names, birthdays, medical IDs/social security numbers,

street addresses, email addresses and employment information, including income data.10 Further,

once hackers had gained access to Anthem’s computers, they “were able to roam around for

seven weeks inside Anthem’s computers” before Anthem noticed the breach on January 27,

2015.11

32. Anthem confirmed that all of its product lines were impacted by the Data Breach,

including Anthem Blue Cross, Blue Cross of California, Anthem Blue Cross and Blue Shield,

Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup,

Caremore, Unicare, Healthlink, and DeCare.

8 Anthem’s HIPAA notice titled, “Information that’s important to you,” located on its website at

https://www.anthem.com/health-insurance/nsecurepdf/english common 11832ANMEN (last visited February 11,

2015). 9 Kara Brandeisky, Anthem Health Insurance Was Hacked. Here’s What Customers Need to Know, Time (Feb. 5,

2015), available at http://time.com/money/3697026/anthem-data-breach-social-security/. 10

Anthem CEO Joseph R. Swedish’s statement to Anthem consumers, available at < http://www.anthemfacts.com/

(last visited February 11, 2015). See also Health Insurer Anthem Didn’t Encrypt Data Stolen – Update, The Wall

Street Journal, Feb. 5, 2015. 11

J.K. Wall, Anthem’s IT System Had Cracks Before Hack, Indianapolis Business Journal (Feb. 14, 2015),

available at http://www.ibj.com/articles/51789-anthems-it-system-had-cracks-before-hack.


10

33. The hackers who breached Anthem’s records were able to access a database

containing up to 80 million current and former customers, and employees’ records.12

34. Anthem did not announce that its data systems maintaining personal, financial and

potentially health information of its customers and employees was compromised immediately.

Instead, Anthem waited to announce that its systems were compromised, and that up to 80

million consumer and employees’ records had been stolen, until February 4, 2015.

35. Before the breach, Anthem did not encrypt the data in this database, including

Social Security numbers and other PII.13 Encryption is considered the most effective way to

secure data.14 Without encryption, the hackers who accessed the information will be able to

easily access all of the PII accessed.

36. It was not until after the Data Breach, that Anthem retained Mandiant, a leading

cybersecurity firm, to evaluate Anthem’s systems and identify solutions to Anthem’s systems’

vulnerabilities.15

37. Anthem could have retained Mandiant, or another cybersecurity consultant, prior

to the Data Breach to analyze and identify solutions for its systems’ vulnerabilities, and this

could have prevented the Data Breach from occurring, or at the least minimized the amount of

information stolen from Anthem’s systems.

12

Brandeisky, supra note 9. 13

Bruce Japsen, Hackers Stole Data on 80 Million Anthem Customers. Why Wasn’t It Encrypted?, Forbes (Feb. 6,

2015), available at http://www.forbes.com/sites/brucejapsen/2015/02/06/anthem-didnt-encrypt-personal-data-and-

privacy-laws-dont-require-it/. 14

Id. 15

Anthem CEO Joseph R. Swedish’s statement to Anthem consumers, available at < http://www.anthemfacts.com/

(last visited February 11, 2015).


11

38. Indeed, Anthem and other health insurers routinely maintain consumer and

employees’ health and financial information, and have been on notice of potential cyber attacks

seeking to get consumers and employees PII.

39. In 2014, the Federal Bureau of Investigation’s cyber division warned health care

systems that cyber attacks were likely to occur after January 2015, when healthcare companies

were required to transfer from paper medical records over to electronic records.16 The FBI

pointed out that healthcare companies were more susceptible to cyber attacks, making future

attacks likely. The FBI’s report was highly publicized, being reported by such news agencies as

Reuters.17

40. Indeed, even before the full transition over to electronic medical records, other

healthcare companies were the targets of major cyber attacks. According to a SANS Analyst

Whitepaper from February 2014 titled, “Health Care Cyberthreat Report: Widespread

Compromises Detected, Compliance Nightmare on Horizon,” healthcare providers, including

insurance companies, were regular targets of cyber attacks, and particularly vulnerable to them.18

41. Anthem was aware that it needed to maintain the security of its customers’ Private

Information. In its SEC Form 10-K filings dated February 20, 2014, Anthem acknowledged that

it must maintain and upgrade its data systems to protect its customers’ data.19

16

FBI Cyber Division Private Industry Notification, April 8, 2014, available at

https://info.publicintelligence.net/FBI-HealthCareCyberIntrusions.pdf (last visited February 11, 2015). 17

Jim Finkle, Exclusive: FBI Warns Healthcare Sector Vulnerable to Cyber Attacks, Reuters (Apr. 23, 2014),

http://www.reuters.com/article/2014/04/23/us-cybersecurity-healthcare-fbi-exclusiv-idUSBREA3M1Q920140423. 18

Barbara Filkins, Health Care Cyberthreat Report, SANS, February 2014, available at http://pages.norse-

corp.com/rs/norse/images/Norse-SANS-Healthcare-Cyberthreat-Report2014.pdf (last visited February 11, 2015). 19

SEC Form 10-k Annual Report for the Year Ending December 31, 2013, available at

http://www.sec.gov/Archives/edgar/data/1156039/000115603914000003/wlp-20131231x10k.htm.


12

42. Yet, despite the many warnings, Anthem’s own promises to maintain data

security, and the critical nature of maintaining the security of consumer and employees’ financial

information, Anthem did not even take steps to encrypt the sensitive PII of its customers and

employees that it maintained.

43. Anthem also did not disclose to anyone that it did not have adequate security

systems in place to keep Plaintiff and other customers’ personal, financial and health information

that Anthem maintained on its computer systems private and secure.

44. Due to Anthem’s failure to maintain the privacy and security of Plaintiff’s and

Class Members’ private personal, financial and health information, Anthem has violated the law

and breached its duties to its customers.

V. CLASS ALLEGATIONS

45. This action asserts claims on behalf of a nationwide class, and a North Carolina

subclass (together “Class”) pursuant to Federal Rules Civil Procedure 23(a), 23(b)(1), 23(b)(2),

23(b)(3), and/or 23(c)(4), which class and subclasses consist of persons who had their data stolen

from Anthem’s systems as follows:

All persons in the United State whose personal, medical or financial information was

compromised by the data breach disclosed by Anthem on February 4, 2014 (the “National

Class”).

All persons in North Carolina whose personal, medical or financial information was

compromised by the data breach disclosed by Anthem on February 4, 2015 (the “North

Carolina Subclass”).

46. Excluded from the Class are Defendant, its CEO, and the Judge(s) assigned to this

case. Plaintiff reserves the right to modify, change or expand the Class definition after

conducting discovery.


13

47. Numerosity: The Class is so numerous that joinder of all members is

impracticable. Anthem has acknowledged that as many as 80 million records may have been

compromised by the Data Breach.

48. Existence and Predominance of Common Questions of Fact and Law:

Common questions of law and fact exist as to all members of the Class. These questions

predominate over the questions affecting individual Class members. These common legal and

factual questions include, but are not limited to:

A. whether Defendant's data security and retention policies were

unreasonable;

B. whether Defendant failed to protect the confidential and highly sensitive

information to which it was entrusted;

C. whether Defendant breached any legal duties in connection with the data

breach;

D. whether Defendant's conduct violated the Indiana Deceptive Consumer

Sales Act;

E. whether Defendant was negligent;

F. whether Defendant was unjustly enriched; and

G. whether Plaintiff and Class members are entitled to monetary damages

and/or other remedies and, if so, the nature of any such relief.

49. Typicality: All of Plaintiff’s claims are typical of the claims of the Class since

Plaintiff and all members of the Class had their personal, confidential, and highly sensitive

information compromised in the Data Breach announced on February 4, 2015.


14

50. Adequacy: Plaintiff is an adequate representative because her interests do not

materially or irreconcilably conflict with the interests of the Class that she seeks to represent, she

has retained counsel competent and highly experienced in complex class action litigation, and

she intends to prosecute this action vigorously. The interests of the Class will be fairly and

adequately protected by Plaintiff and her counsel.

51. Superiority: A class action is superior to all other available means of fair and

efficient adjudication of the claims of Plaintiff and members of the Class. The injury suffered by

each individual Class member is relatively small in comparison to the burden and expense of

individual prosecution of the complex and extensive litigation necessitated by Defendant’s

conduct. It would be virtually impossible for members of the Class individually to effectively

redress the wrongs done to them. Even if the members of the Class could afford such individual

litigation, the court system could not. Individualized litigation presents a potential for

inconsistent or contradictory judgments. Individualized litigation increases the delay and

expense to all parties and to the court system presented by the complex legal and factual issues

of the case. By contrast, the class action device presents far fewer management difficulties, and

provides the benefits of single adjudication, economy of scale, and comprehensive supervision

by a single court. Members of the Class can be readily identified and notified based on, inter

alia, Defendant's records and databases. Indeed, Anthem claims to already be in the process of

notifying them.

52. Defendant has acted, and refused to act, on grounds generally applicable to the

Class, thereby making appropriate final relief with respect to the Class as a whole.


15

FIRST CAUSE OF ACTION

NEGLIGENCE

53. Plaintiff and the Class reallege and incorporate by reference the allegations

contained in each of the preceding paragraphs of this Complaint as if fully set forth herein.

54. Defendant owed a duty to the Class to exercise reasonable care in obtaining,

securing, safeguarding, deleting and protecting Plaintiff’s and the Class’ PII within its possession

or control from being compromised, lost, stolen, accessed and misused by unauthorized persons.

This duty included, among other things, designing, maintaining and testing Anthem’s security

systems to ensure that Plaintiff’s and Class members’ PII in Anthem’s possession was

adequately secured and protected. Anthem further owed a duty to Plaintiff and the Class to

implement processes that would detect a breach of its security system in a timely manner and to

timely act upon warning and alerts including those generated by its own security systems.

55. Anthem owed a duty to Plaintiff and the members of the Class to provide security,

including consistent with of industry standards and requirements, to ensure that its systems and

networks, and the personnel responsible for them, adequately protected the PII of its consumers

and employees.

56. Anthem owed a duty of care to Plaintiff and the members of the Class because

they were foreseeable and probable victims of any inadequate security practices. Anthem knew

or should have known it had inadequately safeguarded its Network, particularly in light of its

prior breaches, as noted above, and yet Anthem failed to take reasonable precautions to

safeguard consumers and employees’ PII.

57. Anthem owed a duty to timely and accurately disclose to Plaintiff and members of

the Class that their PII had been or was reasonably believed to have been compromised. Timely

disclosure was required, appropriate and necessary so that, among other things, Plaintiff and the


16

members of the Class could take appropriate measures to avoid identify theft or fraudulent

charges, including, monitor their account information and credit reports for fraudulent activity,

contact their banks or other financial institutions, obtain credit monitoring services, file reports

with law enforcement and other governmental agencies and take other steps to mitigate or

ameliorate the damages caused by Anthem’s misconduct.

58. Plaintiff and members of the Class entrusted Anthem with their PII on the premise

and with the understanding that Anthem would safeguard their information, and Anthem was in a

position to protect against the harm suffered by Plaintiff and members of the Class as a result of

the Data Breach.

59. Anthem knew, or should have known, of the inherent risks in collecting and

storing the PII of Plaintiff and members of the Class and of the critical importance of providing

adequate security of that information.

60. Anthem’s own conduct also created a foreseeable risk of harm to Plaintiff and

members of the Class. Anthem’s misconduct included, but was not limited to, its failure to take

the steps and opportunities to prevent and stop the Data Breach as set forth herein. Anthem’s

misconduct also included its decision not to comply with industry standards for the safekeeping

and maintenance of the PII of Plaintiff and members of the Class.

61. Through its acts and omissions described herein, Anthem unlawfully breached its

duty to use reasonable care to protect and secure Plaintiff’s and the Class’ PII within its

possession or control. More specifically, Defendant failed to maintain a number of reasonable

security procedures and practices designed to protect the PII of Plaintiff and the Class, including,

but not limited to, establishing and maintaining industry-standard systems to safeguard its


17

consumers and employees’ PII. Given the risk involved and the amount of data at issue,

Anthem’s breach of its duties was entirely unreasonable.

62. Anthem breached its duties to timely and accurately disclose that Plaintiff’s and

Class members’ PII in Anthem’s possession had been or was reasonably believed to have been,

stolen or compromised.

63. As a direct and proximate result of Defendant’s breach of its duties, Plaintiff and

members of the Class have been harmed by the release of their PII, causing them to expend

personal income on credit monitoring services and putting them at an increased risk of identity

theft. Plaintiff and members of the Class have spent time and money to protect themselves as a

result of Defendant’s conduct, and will continue to be required to spend time and money

protecting themselves, their identities, their credit, and their reputations.

SECOND CAUSE OF ACTION

NEGLIGENCE PER SE


contained in the preceding paragraphs.

65. Pursuant to the Gramm-Leach-Bliley Act, 15 U.S.C. § 6801, Anthem had a duty

to keep and protect the personal information of its customers.

66. Anthem violated the Gramm-Leach-Bliley Act by failing to keep and protect

Plaintiff’s and Class members’ personal and financial information, failing to monitor, and/or

failing to ensure that Defendant complied with PCI data security standards, card association

standards, statutes and/or other regulations to protect such personal and financial information.

67. Anthem’s failure to comply with the Gramm-Leach-Bliley Act, and/or other

industry standards and regulations, constitutes negligence per se.


18

68. Pursuant to HIPAA, Anthem had a duty to keep and protect the personal

information of its customers.

69. Anthem violated HIPAA by failing to keep and protect Plaintiff’s and Class

members’ personal and financial information, failing to monitor, and/or failing to ensure that

Defendant complied with PCI data security standards, statutes and/or other regulations to protect

such personal and financial information.

70. Anthem’s failure to comply with HIPAA, and/or other industry standards and

regulations, constitutes negligence per se.

THIRD CAUSE OF ACTION

BREACH OF IMPLIED CONTRACT



72. Anthem provided an implied contract to Plaintiff and Class members to safeguard

and protect the PII provided to it by Plaintiff and Class members when Plaintiff and Class

members provided their PII to Anthem when they purchased health insurance from Anthem (or

when health insurances was purchased from Anthem on their behalf).

73. Plaintiff and Class members would not have provided their PII to Anthem absent

Anthem’s implied promise to safeguard and protect consumer and employees’ PII.

74. Plaintiff and Class members performed all the obligations required by them under

the implied contract when they purchased health insurance from Anthem.

75. Anthem breached its implied contracts with Plaintiff and Class members by

failing to safeguard and protect the personal, financial and health information provided to it by

Plaintiff and Class members.


19

76. As a direct and proximate result of Anthem’s breach of its implied contracts,

Plaintiff and Class members suffered the damages and injuries described herein.

FOURTH CAUSE OF ACTION

VIOLATION OF INDIANA DECEPTIVE CONSUMER SALES ACT



78. Anthem’s conduct as alleged in this Complaint violated Ind. Code § 24-5-0.5-

3(b)(1), (2), including without limitation that (a) Anthem represented that it protected its

consumers and employees’ personal, financial and medical information, but Anthem failed to

protect that sensitive information; (b) Anthem’s failure to maintain adequate computer systems

and data security practices to safeguard consumer and employees’ personal, medical, and

financial information; (c) Anthem’s failure to disclose the material fact that Anthem’s computer

systems and data security practices were inadequate to safeguard consumer and employees’

personal and financial data from theft; and (d) Anthem’s failure to disclose in a timely and

accurate manner to Plaintiff and members of the Class the material fact of the Anthem data

breach.

79. Plaintiff and Class members relied on Anthem’s misrepresentations.

80. Anthem’s deceptive acts were done as part of a scheme, artifice, or device with

intent to defraud or mislead and constitute incurable deceptive acts under Ind. Code § 24-5-0.5-1

et seq.

81. Plaintiff and Class members are entitled to the greater of damages actually

suffered or statutory damages, as well as treble damages, reasonable attorneys’ fees, costs of suit,

an ordering enjoining Anthem’s unlawful practices, and any other relief which the Court deems

proper.


20

FIFTH CAUSE OF ACTION

VIOLATION OF NORTH CAROLINA IDENTITY THEFT PROTECTION ACT

82. Plaintiff realleges and incorporates by reference the allegations contained in each

of the preceding paragraphs as if fully set forth herein.

83. Plaintiff Hadley brings this cause of action on behalf of the North Carolina

Subclass.

84. Anthem is a “business” as defined by N.C. Gen. Stat. § 75-61(1).

85. Plaintiff Hadley and class members are “persons” as defined by N.C. Gen. Stat.

§ 75-61(9).

86. The PII of Anthem’s customers and employees that was compromised and

exposed in the Data Breach constitutes “personal information” as defined by N.C. Gen. Stat.

§ 75-61(10), which includes full names, Social Security numbers/medical identification numbers,

employment information (including income data), dates of birth, and other personal information.

87. The breach of the PII of thousands of Anthem’s customers and employees was a

“security breach” of Anthem as defined by N.C. Gen. Stat. § 76-61(14).

88. Under N.C. Gen. Stat. § 75-65, Anthem was required to disclose any breach of the

security of its system following discovery or notification of the breach to the Consumer

Protection Division of the Attorney General’s Office and any affected resident of North Carolina

without unreasonable delay.

89. In violation of N.C. Gen. Stat. § 75-65, Anthem unreasonably delayed informing

North Carolina Subclass members about the breach of their personal information, and failed to

disclose to North Carolina Subclass members without unreasonable delay that their unencrypted,

or not properly and not securely encrypted, personal information had been breached.


21

90. Upon information and belief, no law enforcement agency instructed Anthem that

notification to North Carolina Subclass members would impede an investigation.

91. As a result of Anthem’s violation of N.C. Gen. Stat. § 75-65, North Carolina

Subclass members have incurred and will incur economic damages to money or property,

including but not necessarily limited to: (1) the diminution in the value of their PII entrusted to

Anthem for the purpose of deriving services and/or employment from Anthem and with the

understanding that Anthem would safeguard their PII against theft and not allow access and

misuse of their PII by others; (2) out-of-pocket costs associated with the prevention, detection,

and recovery from identity theft and/or unauthorized use of financial and medical accounts; (3)

lost opportunity costs associated with effort extended and the loss of productivity from

addressing and attempting to mitigate the actual and future consequences of the breach, including

but not limited to efforts spent researching how to prevent, detect, contest and recover from

identity and health care/medical data misuse; (4) costs associated with the ability to use credit

and assets frozen or flagged due to credit misuse, including increased costs to use credit, credit

scores, credit reports and assets; and (5) tax fraud and/or other unauthorized charges to financial,

health care or medical accounts and associated lack of access to funds while proper information

is confirmed and corrected.

92. Plaintiff further requests that the Court order Anthem to (1) identify and notify all

members of the class who have not yet been informed of the Data Breach; and (2) notify affected

current and former employees of any future data breaches by email within 24 hours of Anthem’s

discovery of a breach or possible breach and by mail within 72 hours.

93. Plaintiff Hadley, individually and on behalf of the North Carolina Subclass, seeks

all remedies available under N.C. Gen. Stat. § 75-16, including but not limited to damages and


22

equitable relief. Plaintiff also seeks reasonable attorneys’ fees and costs under applicable law

including Federal Rule of Civil Procedure 23.

SIXTH CAUSE OF ACTION

UNJUST ENRICHMENT



95. Plaintiff and Class members conferred a monetary benefit on Anthem in the form

of monies paid for the purchase of health insurance from Anthem during the period of the

Anthem data breach.

96. The monies paid by the Plaintiff and Class were supposed to be used by Anthem,

in part, to pay for the administrative and other costs of providing reasonable data security and

protection to Plaintiff and Class members.

97. Anthem failed to provide reasonable security, safeguards, and protections to the

personal, medical, and financial information of Plaintiff and Class members, and as a result the

Plaintiff and Class overpaid Anthem for the health insurance they purchased.

98. Under principles of equity and good conscience, Anthem should not be permitted

to retain the money belonging to Plaintiff and Class members because Anthem failed to provide

adequate safeguards and security measures to protect Plaintiff’s and Class members’ personal,

medical, and financial information that they paid for but did not receive.

99. Anthem wrongfully accepted and retained these benefits to the detriment of

Plaintiff and Class members.

100. Anthem’s enrichment at the expense of Plaintiff and Class members is and was

unjust.


23

101. As a result of Anthem’s wrongful conduct, as alleged above, Plaintiff and the

Class are entitled to restitution and disgorgement of profits, benefits, and other compensation

obtained by Anthem, plus attorneys’ fees, costs, and interest thereon.

PRAYER FOR RELIEF

WHEREFORE, Plaintiff, on behalf of herself and all members of the Class, requests the

following relief:

A. An order certifying that this action is properly brought and may be maintained as

a class action, that Plaintiff Amanda Hadley be appointed a Class Representatives for the

National Class and North Carolina Subclass, and that Plaintiff’s counsel be appointed Counsel

for the National Class and North Carolina Subclass.

B. Awarding compensatory damages in an amount determined at trial for each Cause

of Action asserted herein for which these damages are available.

C. Awarding restitution in an amount determined at trial for each Cause of Action

asserted herein for which this relief is available.

D. An order enjoining Defendants from continuing the unlawful practices as set forth

herein, and directing Defendants to identify, with Court supervision, victims of their conduct and

pay them restitution.

E. Awarding interest on the monies wrongfully obtained from the date of collection

through the date of entry of judgment in this action.

F. An order awarding Plaintiff her costs of suit, including reasonable attorneys’ fees

and pre and post-judgment interest, as provided by law, or equity, or as otherwise available.

G. Such other and further relief as may be available as part of the statutory claims

asserted herein, or otherwise as may be deemed necessary or appropriate for any of the claims

asserted.


24

JURY DEMAND

Plaintiff requests a trial by jury of all claims that can so be tried.

RESPECTFULLY SUBMITTED this 10th day of March, 2015.

MATTINGLY BURKE COHEN

BIDERMAN LLP

By: /s/ Sean P. Burke

Hamish S. Cohen, #22931-53

Sean P. Burke, #26995-49

3646 N. Washington Blvd.

Indianapolis, IN 46205

Tel: (317) 614-7320

[email protected]

[email protected]

KELLER ROHRBACK L.L.P.

Lynn Lincoln Sarko, pro hac vice forthcoming

Gretchen Freeman Cappio, pro hac vice

forthcoming

Cari Campen Laufenberg, pro hac vice

forthcoming

1201 Third Avenue, Suite 3200

Seattle, WA 98101-3052

Tel: (206) 623-1900

Fax: (206) 623-3384

[email protected]

[email protected]

[email protected]

Attorneys for Plaintiff


JS 44 (Rev. 12/12) CIVIL COVER SHEETThe JS 44 civil cover sheet and the information contained herein neither replace nor supplement the filing and service of pleadings or other papers as required by law, except asprovided by local rules of court. This form, approved by the Judicial Conference of the United States in September 1974, is required for the use of the Clerk of Court for thepurpose of initiating the civil docket sheet. (SEE INSTRUCTIONS ON NEXT PAGE OF THIS FORM.)

I. (a) PLAINTIFFS DEFENDANTS

(b) County of Residence of First Listed Plaintiff County of Residence of First Listed Defendant(EXCEPT IN U.S. PLAINTIFF CASES) (IN U.S. PLAINTIFF CASES ONLY)

NOTE: IN LAND CONDEMNATION CASES, USE THE LOCATION OF THE TRACT OF LAND INVOLVED.

(c) Attorneys (Firm Name, Address, and Telephone Number) Attorneys (If Known)

II. BASIS OF JURISDICTION (Place an “X” in One Box Only) III. CITIZENSHIP OF PRINCIPAL PARTIES (Place an “X” in One Box for Plaintiff(For Diversity Cases Only) and One Box for Defendant)

’ 1 U.S. Government ’ 3 Federal Question PTF DEF PTF DEFPlaintiff (U.S. Government Not a Party) Citizen of This State ’ 1 ’ 1 Incorporated or Principal Place ’ 4 ’ 4

of Business In This State

’ 2 U.S. Government ’ 4 Diversity Citizen of Another State ’ 2 ’ 2 Incorporated and Principal Place ’ 5 ’ 5Defendant (Indicate Citizenship of Parties in Item III) of Business In Another State

Citizen or Subject of a ’ 3 ’ 3 Foreign Nation ’ 6 ’ 6 Foreign Country

IV. NATURE OF SUIT (Place an “X” in One Box Only)CONTRACT TORTS FORFEITURE/PENALTY BANKRUPTCY OTHER STATUTES

’ 110 Insurance PERSONAL INJURY PERSONAL INJURY ’ 625 Drug Related Seizure ’ 422 Appeal 28 USC 158 ’ 375 False Claims Act’ 120 Marine ’ 310 Airplane ’ 365 Personal Injury - of Property 21 USC 881 ’ 423 Withdrawal ’ 400 State Reapportionment’ 130 Miller Act ’ 315 Airplane Product Product Liability ’ 690 Other 28 USC 157 ’ 410 Antitrust’ 140 Negotiable Instrument Liability ’ 367 Health Care/ ’ 430 Banks and Banking’ 150 Recovery of Overpayment ’ 320 Assault, Libel & Pharmaceutical PROPERTY RIGHTS ’ 450 Commerce

& Enforcement of Judgment Slander Personal Injury ’ 820 Copyrights ’ 460 Deportation’ 151 Medicare Act ’ 330 Federal Employers’ Product Liability ’ 830 Patent ’ 470 Racketeer Influenced and’ 152 Recovery of Defaulted Liability ’ 368 Asbestos Personal ’ 840 Trademark Corrupt Organizations

Student Loans ’ 340 Marine Injury Product ’ 480 Consumer Credit (Excludes Veterans) ’ 345 Marine Product Liability LABOR SOCIAL SECURITY ’ 490 Cable/Sat TV

’ 153 Recovery of Overpayment Liability PERSONAL PROPERTY ’ 710 Fair Labor Standards ’ 861 HIA (1395ff) ’ 850 Securities/Commodities/ of Veteran’s Benefits ’ 350 Motor Vehicle ’ 370 Other Fraud Act ’ 862 Black Lung (923) Exchange

’ 160 Stockholders’ Suits ’ 355 Motor Vehicle ’ 371 Truth in Lending ’ 720 Labor/Management ’ 863 DIWC/DIWW (405(g)) ’ 890 Other Statutory Actions’ 190 Other Contract Product Liability ’ 380 Other Personal Relations ’ 864 SSID Title XVI ’ 891 Agricultural Acts’ 195 Contract Product Liability ’ 360 Other Personal Property Damage ’ 740 Railway Labor Act ’ 865 RSI (405(g)) ’ 893 Environmental Matters’ 196 Franchise Injury ’ 385 Property Damage ’ 751 Family and Medical ’ 895 Freedom of Information

’ 362 Personal Injury - Product Liability Leave Act Act Medical Malpractice ’ 790 Other Labor Litigation ’ 896 Arbitration

REAL PROPERTY CIVIL RIGHTS PRISONER PETITIONS ’ 791 Employee Retirement FEDERAL TAX SUITS ’ 899 Administrative Procedure’ 210 Land Condemnation ’ 440 Other Civil Rights Habeas Corpus: Income Security Act ’ 870 Taxes (U.S. Plaintiff Act/Review or Appeal of ’ 220 Foreclosure ’ 441 Voting ’ 463 Alien Detainee or Defendant) Agency Decision’ 230 Rent Lease & Ejectment ’ 442 Employment ’ 510 Motions to Vacate ’ 871 IRS—Third Party ’ 950 Constitutionality of’ 240 Torts to Land ’ 443 Housing/ Sentence 26 USC 7609 State Statutes’ 245 Tort Product Liability Accommodations ’ 530 General’ 290 All Other Real Property ’ 445 Amer. w/Disabilities - ’ 535 Death Penalty IMMIGRATION

Employment Other: ’ 462 Naturalization Application’ 446 Amer. w/Disabilities - ’ 540 Mandamus & Other ’ 465 Other Immigration

Other ’ 550 Civil Rights Actions’ 448 Education ’ 555 Prison Condition

’ 560 Civil Detainee - Conditions of Confinement

V. ORIGIN (Place an “X” in One Box Only)

’ 1 OriginalProceeding

’ 2 Removed fromState Court

’ 3 Remanded fromAppellate Court

’ 4 Reinstated orReopened

’ 5 Transferred fromAnother District(specify)

’ 6 MultidistrictLitigation

VI. CAUSE OF ACTION

Cite the U.S. Civil Statute under which you are filing (Do not cite jurisdictional statutes unless diversity): Brief description of cause:

VII. REQUESTED IN COMPLAINT:

’ CHECK IF THIS IS A CLASS ACTIONUNDER RULE 23, F.R.Cv.P.

DEMAND $ CHECK YES only if demanded in complaint:JURY DEMAND: ’ Yes ’ No

VIII. RELATED CASE(S) IF ANY (See instructions):

JUDGE DOCKET NUMBERDATE SIGNATURE OF ATTORNEY OF RECORD

FOR OFFICE USE ONLY

RECEIPT # AMOUNT APPLYING IFP JUDGE MAG. JUDGE

Case 1:15-cv-00403-SEB-TAB Document 1-1 Filed 03/10/15 Page 1 of 2 PageID #: 25

Failure to safeguard consumer and employee information

3/10/2015

Marion County, Indiana

Class Action Fairness Act, 28 USC 1332

AMANDA HADLEY, individually and on behalf of all others similarlysituated

North Carolina

/s/ Sean Burke

Sean Burke, Hamish Cohen, Mattingly Burke Cohen Biederman LLP,3646 N. Washington Blvd., Indianapolis, IN 46205, 317-614-7320,[email protected]; [email protected]

Anthem, Inc.

JS 44 Reverse (Rev. 12/12)

INSTRUCTIONS FOR ATTORNEYS COMPLETING CIVIL COVER SHEET FORM JS 44

Authority For Civil Cover Sheet

The JS 44 civil cover sheet and the information contained herein neither replaces nor supplements the filings and service of pleading or other papers asrequired by law, except as provided by local rules of court. This form, approved by the Judicial Conference of the United States in September 1974, isrequired for the use of the Clerk of Court for the purpose of initiating the civil docket sheet. Consequently, a civil cover sheet is submitted to the Clerk ofCourt for each civil complaint filed. The attorney filing a case should complete the form as follows:

I.(a) Plaintiffs-Defendants. Enter names (last, first, middle initial) of plaintiff and defendant. If the plaintiff or defendant is a government agency, use only the full name or standard abbreviations. If the plaintiff or defendant is an official within a government agency, identify first the agency and then the official, giving both name and title.

(b) County of Residence. For each civil case filed, except U.S. plaintiff cases, enter the name of the county where the first listed plaintiff resides at the time of filing. In U.S. plaintiff cases, enter the name of the county in which the first listed defendant resides at the time of filing. (NOTE: In land condemnation cases, the county of residence of the "defendant" is the location of the tract of land involved.)

(c) Attorneys. Enter the firm name, address, telephone number, and attorney of record. If there are several attorneys, list them on an attachment, notingin this section "(see attachment)".

II. Jurisdiction. The basis of jurisdiction is set forth under Rule 8(a), F.R.Cv.P., which requires that jurisdictions be shown in pleadings. Place an "X" in one of the boxes. If there is more than one basis of jurisdiction, precedence is given in the order shown below.United States plaintiff. (1) Jurisdiction based on 28 U.S.C. 1345 and 1348. Suits by agencies and officers of the United States are included here.United States defendant. (2) When the plaintiff is suing the United States, its officers or agencies, place an "X" in this box.Federal question. (3) This refers to suits under 28 U.S.C. 1331, where jurisdiction arises under the Constitution of the United States, an amendment to the Constitution, an act of Congress or a treaty of the United States. In cases where the U.S. is a party, the U.S. plaintiff or defendant code takes precedence, and box 1 or 2 should be marked.Diversity of citizenship. (4) This refers to suits under 28 U.S.C. 1332, where parties are citizens of different states. When Box 4 is checked, the citizenship of the different parties must be checked. (See Section III below; NOTE: federal question actions take precedence over diversity cases.)

III. Residence (citizenship) of Principal Parties. This section of the JS 44 is to be completed if diversity of citizenship was indicated above. Mark thissection for each principal party.

IV. Nature of Suit. Place an "X" in the appropriate box. If the nature of suit cannot be determined, be sure the cause of action, in Section VI below, is sufficient to enable the deputy clerk or the statistical clerk(s) in the Administrative Office to determine the nature of suit. If the cause fits more than one nature of suit, select the most definitive.

V. Origin. Place an "X" in one of the six boxes.Original Proceedings. (1) Cases which originate in the United States district courts.Removed from State Court. (2) Proceedings initiated in state courts may be removed to the district courts under Title 28 U.S.C., Section 1441. When the petition for removal is granted, check this box.Remanded from Appellate Court. (3) Check this box for cases remanded to the district court for further action. Use the date of remand as the filing date.Reinstated or Reopened. (4) Check this box for cases reinstated or reopened in the district court. Use the reopening date as the filing date.Transferred from Another District. (5) For cases transferred under Title 28 U.S.C. Section 1404(a). Do not use this for within district transfers or multidistrict litigation transfers.Multidistrict Litigation. (6) Check this box when a multidistrict case is transferred into the district under authority of Title 28 U.S.C. Section 1407. When this box is checked, do not check (5) above.

VI. Cause of Action. Report the civil statute directly related to the cause of action and give a brief description of the cause. Do not cite jurisdictional statutes unless diversity. Example: U.S. Civil Statute: 47 USC 553 Brief Description: Unauthorized reception of cable service

VII. Requested in Complaint. Class Action. Place an "X" in this box if you are filing a class action under Rule 23, F.R.Cv.P.Demand. In this space enter the actual dollar amount being demanded or indicate other demand, such as a preliminary injunction.Jury Demand. Check the appropriate box to indicate whether or not a jury is being demanded.

VIII. Related Cases. This section of the JS 44 is used to reference related pending cases, if any. If there are related pending cases, insert the docket numbers and the corresponding judge names for such cases.

Date and Attorney Signature. Date and sign the civil cover sheet.


AO 440 (Rev. 06/12) Summons in a Civil Action

UNITED STATES DISTRICT COURTfor the

__________ District of __________

))))))))))))

Plaintiff(s)

v. Civil Action No.

Defendant(s)

SUMMONS IN A CIVIL ACTION

To: (Defendant’s name and address)

A lawsuit has been filed against you.

Within 21 days after service of this summons on you (not counting the day you received it) — or 60 days if youare the United States or a United States agency, or an officer or employee of the United States described in Fed. R. Civ.P. 12 (a)(2) or (3) — you must serve on the plaintiff an answer to the attached complaint or a motion under Rule 12 ofthe Federal Rules of Civil Procedure. The answer or motion must be served on the plaintiff or plaintiff’s attorney,whose name and address are:

If you fail to respond, judgment by default will be entered against you for the relief demanded in the complaint. You also must file your answer or motion with the court.

CLERK OF COURT

Date:Signature of Clerk or Deputy Clerk


Hamish S. CohenSean P. BurkeMattingly Burke Cohen & Biederman, LLP3646 Washington Blvd.Indianapolis, Indiana 46205

Anthem, Inc.C/o Kathleen S. Kiefer, its registered agent120 Monument CircleIndianapolis, Indiana 46204

15-cv-405

AMANDA HADLEY, individually and on behalf of allothers similarly situated

Anthem, Inc. an Indiana Corporation

Southern District of Indiana

AO 440 (Rev. 06/12) Summons in a Civil Action (Page 2)

Civil Action No.

PROOF OF SERVICE

(This section should not be filed with the court unless required by Fed. R. Civ. P. 4 (l))

This summons for (name of individual and title, if any)

was received by me on (date) .

’ I personally served the summons on the individual at (place)

on (date) ; or

’ I left the summons at the individual’s residence or usual place of abode with (name)

, a person of suitable age and discretion who resides there,

on (date) , and mailed a copy to the individual’s last known address; or

’ I served the summons on (name of individual) , who is

designated by law to accept service of process on behalf of (name of organization)

on (date) ; or

’ I returned the summons unexecuted because ; or

’ Other (specify):

.

My fees are $ for travel and $ for services, for a total of $ .

I declare under penalty of perjury that this information is true.

Date:Server’s signature

Printed name and title

Server’s address

Additional information regarding attempted service, etc:


15-cv-405

0

united states district court for the southern district of indiana …1... · · 2015-03-231...

Documents