Allstate sued for exposing personal customer information in plaintext

News
By published

Two data breaches were never reported, lawsuit claims

Representational image of a cybercriminal
Image Credit: Pixabay (Image credit: Pixabay)
  • New York's Attorney General filed a lawsuit against Allstate for two data breaches
  • The suit says the company did not notify customers and the government of the attacks
  • Allstate denied any wrongdoing, saying it addressed the issue properly

US insurance giant Allstate has been hit with a lawsuit for allegedly losing sensitive customer data and not notifying victims about what had happened.

The State of New York has sued Allstate’s National General unit, with Attorney General Letitia James filing the lawsuit in a state court in Manhattan, claiming the company’s lax security practices resulted in two data breaches, one in 2020, and one in 2021, which weren’t even reported on until the lawsuit. The first breach, which happened between August and November 2020, apparently affected 12,000 individuals (9,100 New Yorkers). National General did not spot the attack for two months, and never notified affected customers, or state agencies of the attack.

The second attack, which happened in February 2021, affected an additional 187,000 customers (155,000 New Yorkers), and occurred after Allstate acquired National General in January 2021 for roughly $4 billion.

Violating the Stop Hacks act

These two attacks, and the way Allstate (failed to) tackled them, is in violation of the state’s Stop Hacks and Improve Electronic Data Security Act, James argued. Furthermore, the company violated state consumer protection laws, by misleading its customers about its data security practices.

Now, James seeks civil files of $5,000 per violation, plus other remedies, Reuters added.

"National General's weak cybersecurity emboldened hackers to steal New Yorkers' personal data, not once but twice," James said. "It is crucial that companies take cybersecurity seriously to protect consumers from fraud and identity theft."

In its statement, Allstate denied all wrongdoing and claimed to have addressed the incidents in a timely, proper fashion.

"We resolved this issue years ago, promptly securing our systems after finding vulnerabilities in online quoting tools that could have exposed drivers' license numbers," it said. "We promptly notified regulators, contacted potentially affected consumers and offered free credit monitoring as a precaution."

Via Reuters

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Security
American National Insurance Company breach data found online
Data Breach
US state sues T-Mobile over 2021 data breach which leaked data of millions
Insurance
Globe Life data breach may have affected 850,000 more patients than previously thought
Outdoor photograph of a pair of hands holding a smartphone with navigator location points in the background
Millions of phone location records feared leaked as one of the biggest data leaks ever may be a whole lot worse
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Ransomware
Top cannabis brand Stiiizy says hackers got access to its systems
Latest in Security
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Many workers are overconfident at spotting phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Latest in News
Quordle on a smartphone held in a hand
Quordle hints and answers for Tuesday, March 18 (game #1149)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Tuesday, March 18 (game #380)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Tuesday, March 18 (game #646)
AI fashion
I asked ChatGPT 4o, Gemini Live, and Siri what to wear, and only one could really help me look my best
Seagate's new Genshin Impact Limited Edition SSD on a desk.
I didn't know an SSD could be cute until I saw Seagate's new Genshin Impact limited edition
European Union technical background
EU tech companies push for digital sovereignty, reducing reliance on US and others
More about security
ransomware avast

One of the most powerful ransomware hacks around has been cracked using some serious GPU power
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system

Microsoft 365 accounts are under attack from new malware spoofing popular work apps
An abstract image of digital security.

Technology monitoring solutions are becoming obsolete
See more latest
Most Popular
AI fashion
I asked ChatGPT 4o, Gemini Live, and Siri what to wear, and only one could really help me look my best
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Tuesday, March 18 (game #646)
Quordle on a smartphone held in a hand
Quordle hints and answers for Tuesday, March 18 (game #1149)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Tuesday, March 18 (game #380)
Seagate's new Genshin Impact Limited Edition SSD on a desk.
I didn't know an SSD could be cute until I saw Seagate's new Genshin Impact limited edition
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Snap Spectacles 5
Latest Snap Spectacles update teases an exciting AR future that I can't wait for
Renault 5 Turbo 3E
Renault unveils its wildest EV to date and it comes with in-wheel motors and a rally-style vertical handbrake for drifting
3D version of the Adobe logo
Adobe Summit 2025 - all the news and updates as it happens