Click here to visit Original posting
- New York's Attorney General filed a lawsuit against Allstate for two data breaches
- The suit says the company did not notify customers and the government of the attacks
- Allstate denied any wrongdoing, saying it addressed the issue properly
US insurance giant Allstate has been hit with a lawsuit for allegedly losing sensitive customer data and not notifying victims about what had happened.
The State of New York has sued Allstate’s National General unit, with Attorney General Letitia James filing the lawsuit in a state court in Manhattan, claiming the company’s lax security practices resulted in two data breaches, one in 2020, and one in 2021, which weren’t even reported on until the lawsuit. The first breach, which happened between August and November 2020, apparently affected 12,000 individuals (9,100 New Yorkers). National General did not spot the attack for two months, and never notified affected customers, or state agencies of the attack.
The second attack, which happened in February 2021, affected an additional 187,000 customers (155,000 New Yorkers), and occurred after Allstate acquired National General in January 2021 for roughly $4 billion.
Violating the Stop Hacks act
These two attacks, and the way Allstate (failed to) tackled them, is in violation of the state’s Stop Hacks and Improve Electronic Data Security Act, James argued. Furthermore, the company violated state consumer protection laws, by misleading its customers about its data security practices.
Now, James seeks civil files of $5,000 per violation, plus other remedies, Reuters added.
"National General's weak cybersecurity emboldened hackers to steal New Yorkers' personal data, not once but twice," James said. "It is crucial that companies take cybersecurity seriously to protect consumers from fraud and identity theft."
In its statement, Allstate denied all wrongdoing and claimed to have addressed the incidents in a timely, proper fashion.
"We resolved this issue years ago, promptly securing our systems after finding vulnerabilities in online quoting tools that could have exposed drivers' license numbers," it said. "We promptly notified regulators, contacted potentially affected consumers and offered free credit monitoring as a precaution."
Via Reuters
You might also like
- Lost & Found tracking site hit by major data breach - over 800,000 could be affected
- We've rounded up the best password managers
- Take a look at our guide to the best authenticator app