Humana Inc. has agreed to pay for up to two years of credit report monitoring for North Dakota customers who may have had their private financial information stolen, Insurance Commissioner Jim Poolman said.

The monitoring is intended to track whether an identity thief attempts to use the information to borrow money, establish credit or commit some other act of fraud, Poolman said.

The settlement affects about 126 Humana customers in North Dakota, most of whom signed up for the insurer's Medicare prescription drug benefit coverage, Poolman said.

Humana, which is based in Louisville, Ky., has also agreed to pay the Insurance Department $50,000 to defray the state's investigation costs, the insurance commissioner said.

"This is a great lesson to be learned for insurance companies on how they need to treat customers' information, especially their personal information," Poolman said Tuesday.

A company spokesman did not respond to telephone and e-mail messages left for comment. This year, Humana has enrolled more than 3.5 million people in a Medicare prescription drug plan, the company says.

The settlement was in response to two unrelated incidents in which personal information about Humana customers, including Social Security numbers and birth dates, were taken.

In one incident, Medicare drug benefit applications were stolen last May from an insurance agent's unlocked car in Brooklyn Park, Minn., a suburb of Minneapolis.

In June, an employee of the federal Department of Health and Human Services discovered a spreadsheet on a Baltimore hotel computer that included the names of about 17,000 Humana customers. A Humana employee had called up the information and then failed to delete it.

Under the North Dakota settlement, Humana has agreed to pay for a credit-monitoring service for at least one year if an affected customer requests it. If any of the customers notices unusual activity with their credit report, the monitoring will be extended for another year, Poolman said.

Humana must also report the names of any customer who asks for the monitoring to the Insurance Department, he said.

Humana agreed to a similar arrangement last June with the U.S. Department of Health and Human Services after the customer information was discovered on the Baltimore hotel computer. Humana agreed then to contact affected customers, and give them a one-year subscription to a credit monitoring service.

Poolman said he knew of no instances in which a North Dakota customer's private information had been misused.

"We have contacted every one of the affected policyholders in North Dakota, and have asked them to report to us if anything happens," he said. "We are also getting biweekly reports from the company on any policyholder contact related to the breach."