(Bloomberg) — Health insurer Anthem Inc. agreed to pay $115 million to resolve consumer claims over a 2015 cyber attack that compromised data on 78.8 million people, marking what attorneys in the case called the largest data-breach settlement in history.

The proposed accord, which would end class-action lawsuits filed in several states, requires approval from a federal judge in San Jose, Calif. Anthem sells coverage under the Blue Cross and Blue Shield brand in 14 states.

2017 Digital Hospital 500 Report

Original Research Ranks & Analyzes the 500 Leading Hospitals in Digital and Mobile Healthcare

View Details

“We are pleased to be putting this litigation behind us, and to be providing additional substantial benefits to individuals whose data was or may have been involved in the cyber attack and who will now be members of the settlement class,” the Indianapolis-based company noted Friday in a statement.

Anthem didn’t admit any wrongdoing in the settlement.

The company says in February 2015 that hackers obtained data on tens of millions of current and former customers and employees that led to a probe by the Federal Bureau of Investigation. The information compromised included names, birth dates, Social Security numbers, medical indentifiers, street and e-mail addresses and employee data, including income, Anthem says.

As part of the proposed settlement, $15 million would be set aside to pay for out-of-pocket expenses incurred as a result of the data breach.

The proposal filed Friday would require Anthem to establish a fund to buy at least two years of credit monitoring services for the class to help protect them from fraud.

For individual class members who already have their own credit-monitoring services and don’t want to enroll in the settlement’s plan, the settlement provides alternative compensation of as much as $50 per class member.

The plan also requires Anthem to spend an undisclosed amount to help protect members’ personal information over the next three years.

In 2015, after the breach was made public, Anthem established a website, anthemfacts.com, where people affected by the breach could sign up for two years of credit monitoring.

On Feb. 15, 2015 Anthem, with more than 38 million consumers directly enrolled in its various insurance company affiliates, reported a data breach that included the records of about 78.8 million consumers including about 12 million minors, says the California Department of Insurance.

The data breach occurred when an employee at an unnamed Anthem subsidiary opened a phishing e-mail containing malicious content.

Opening the e-mail permitted the download of malicious files to the user’s computer and allowed hackers to gain remote access to that computer and at least 90 other systems within the Anthem enterprise, including Anthem’s data warehouse, says the California Department of Insurance.

In the wake of the data breach, Anthem has spent nearly $260 million developing better security programs although

Anthem didn’t release many details.

Specific costs included $115 million in security improvements, $112 million to supply credit protection service to customers who had their records stolen, $31 million to notify the customers about the breach and related communication services and $2.5 million to hire security and technology consultants.