While insurance giants promise protection against life’s disasters, they seem less capable of shielding customers from data breaches. New York Attorney General Letitia James has filed a lawsuit against National General Holdings Corp and Allstate Insurance Company for allegedly failing to implement reasonable security measures, exposing driver’s license numbers of over 165,000 New Yorkers.
Insurance titans excel at protecting profits, not personal data, as 165,000 New Yorkers just discovered the hard way.
The companies’ online auto insurance quoting tools were apparently digital sieves. Websites displayed full driver’s license numbers in plain text. Minimal user input was needed to access sensitive data. Not exactly Fort Knox-level security from companies that handle our most personal information.
Two separate breaches occurred between August and November 2020, with another detected in January 2021. In total, nearly 200,000 individuals nationwide had their information compromised. The timing is interesting – Allstate acquired National General in January 2021, right as these security nightmares were unfolding.
The lawsuit alleges violations of New York’s SHIELD Act, claiming the companies failed to adopt reasonable data protection measures and inadequately monitored for unusual activity. They also allegedly misrepresented their data security practices to customers. Trust us with your data! We’ll leave it practically unguarded!
Allstate has responded by claiming the issue was resolved years ago, systems were promptly secured, and affected consumers were notified. They even offered free credit monitoring. How generous after the barn door was left wide open. Implementing proper layered defenses could have prevented these breaches from occurring in the first place.
This case isn’t happening in isolation. New York regulators recently imposed a $20 million fine on auto insurers, with GEICO and Travelers paying $11.3 million for security weaknesses. The industry is facing mounting pressure for transparency in security practices. GEICO’s security troubles began when their insurance agents quoting tool was compromised in November 2020, affecting thousands of customers.
National General’s negligence was particularly egregious as they failed to detect the first breach for two months straight, allowing attackers continued access to sensitive consumer information.
If successful, the lawsuit could result in financial penalties, restitution for affected consumers, and court-ordered improvements to data protection measures. It might also establish new legal precedents for insurers. Maybe next time they’ll protect our data as carefully as they protect their profits.
