New York sues Allstate over data breach, alleged security lapses
Technology
New York sues Allstate over data breach, alleged security lapses
NEW YORK, March 10 (Reuters) - New York state sued Allstate on Monday, accusing the insurer's National General unit of failing to report a data breach that exposed drivers' license numbers, and lacking reasonable safeguards to protect drivers' private information.
The lawsuit by New York Attorney General Letitia James was filed in a state court in Manhattan.
James said National General's poor data security led to back-to-back breaches in 2020 and 2021, when hackers targeting its online auto insurance quoting tools accessed license numbers of more than 165,000 New Yorkers and 199,000 people overall.
National General allegedly did not notify drivers or New York state agencies about the first breach, which occurred between August and November 2020, and needed three months to uncover the much larger second breach in January 2021.
James said National General violated the state's Stop Hacks and Improve Electronic Data Security Act for failing to protect customer information, and violated state consumer protection laws by misleading customers about its data security practices.
The lawsuit seeks civil fines of $5,000 per violation, plus other remedies.
"National General's weak cybersecurity emboldened hackers to steal New Yorkers personal data, not once but twice," James said. "It is crucial that companies take cybersecurity seriously to protect consumers from fraud and identity theft."
