New York state has filed a lawsuit against Allstate, accusing its National General unit of failing to report a data breach that exposed the drivers’ license numbers of over 165,000 New Yorkers.
The lawsuit, filed by Attorney General Letitia James in a Manhattan state court, alleges that National General’s poor cybersecurity led to two data breaches in 2020 and 2021.
Hackers targeted National General’s online auto insurance quoting tools, accessing license numbers of nearly 200,000 people overall.
The first breach occurred between August and November 2020, but National General did not notify affected drivers or state agencies.
It took three months to discover the second, larger breach in January 2021.
According to James, National General violated New York’s Stop Hacks and Improve Electronic Data Security Act by failing to protect customer information.
The company also misled customers about its data security practices, violating state consumer protection laws. The lawsuit seeks civil fines of $5,000 per violation, along with other remedies.
“National General’s weak cybersecurity allowed hackers to steal New Yorkers’ personal data twice,” James said. “Companies must take cybersecurity seriously to protect consumers from fraud and identity theft.”
Allstate defended its actions, stating that it resolved the issue years ago by securing its systems and notifying regulators. The company also offered free credit monitoring to affected consumers. Allstate acquired National General for about $4 billion in January 2021.
This lawsuit comes after New York recently fined other insurance companies, including Geico and Travelers, for similar security lapses that compromised drivers’ personal information.
Read more:
