Allstate sued for exposing personal customer information in plaintext

News
By
published

Two data breaches were never reported, lawsuit claims

Representational image of a cybercriminal
Image Credit: Pixabay (Image credit: Pixabay)
  • New York's Attorney General filed a lawsuit against Allstate for two data breaches
  • The suit says the company did not notify customers and the government of the attacks
  • Allstate denied any wrongdoing, saying it addressed the issue properly

US insurance giant Allstate has been hit with a lawsuit for allegedly losing sensitive customer data and not notifying victims about what had happened.

The State of New York has sued Allstate’s National General unit, with Attorney General Letitia James filing the lawsuit in a state court in Manhattan, claiming the company’s lax security practices resulted in two data breaches, one in 2020, and one in 2021, which weren’t even reported on until the lawsuit. The first breach, which happened between August and November 2020, apparently affected 12,000 individuals (9,100 New Yorkers). National General did not spot the attack for two months, and never notified affected customers, or state agencies of the attack.

The second attack, which happened in February 2021, affected an additional 187,000 customers (155,000 New Yorkers), and occurred after Allstate acquired National General in January 2021 for roughly $4 billion.

Violating the Stop Hacks act

These two attacks, and the way Allstate (failed to) tackled them, is in violation of the state’s Stop Hacks and Improve Electronic Data Security Act, James argued. Furthermore, the company violated state consumer protection laws, by misleading its customers about its data security practices.

Now, James seeks civil files of $5,000 per violation, plus other remedies, Reuters added.

"National General's weak cybersecurity emboldened hackers to steal New Yorkers' personal data, not once but twice," James said. "It is crucial that companies take cybersecurity seriously to protect consumers from fraud and identity theft."

In its statement, Allstate denied all wrongdoing and claimed to have addressed the incidents in a timely, proper fashion.

"We resolved this issue years ago, promptly securing our systems after finding vulnerabilities in online quoting tools that could have exposed drivers' license numbers," it said. "We promptly notified regulators, contacted potentially affected consumers and offered free credit monitoring as a precaution."

Via Reuters

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Security
American National Insurance Company breach data found online
Data Breach
US state sues T-Mobile over 2021 data breach which leaked data of millions
Outdoor photograph of a pair of hands holding a smartphone with navigator location points in the background
Millions of phone location records feared leaked as one of the biggest data leaks ever may be a whole lot worse
Insurance
Globe Life data breach may have affected 850,000 more patients than previously thought
Someone holding a passport with two boarding passes inside it
Top digital loan firm security slip-up puts data of 36 million users at risk
Ransomware
Top cannabis brand Stiiizy says hackers got access to its systems
Latest in Security
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
AMD logo
Security flaw means AMD Zen CPUs can be "jailbroken"
Latest in News
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
Want to buy an RX 9070 or 9070 XT but fed up of the GPUs being out of stock? AMD promises that “more supply is coming ASAP”
iOS 18 Control Center
iOS 19: the 3 biggest rumors so far, and what I want to see
Doom: The Dark Ages
Doom: The Dark Ages' director confirms DLC is in the works and says the game won't end the way 2016's Doom begins: 'If we took it all the way to that point, then that would mean that we couldn't tell any more medieval stories'
DVDs in a pile
Warner Bros is replacing some DVDs that ‘rot’ and become unwatchable – but there’s a big catch that undermines the value of physical media
A costumed Matt Murdock smiles at someone off-camera in Netflix's Daredevil TV show
Daredevil: Born Again is Disney+'s biggest series of 2025 so far, but another Marvel TV show has performed even better
More about security
Scam alert

A new SMS energy scam is using Elon Musk’s face to steal your money
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.

Nation-state threats are targeting UK AI research
NYT Strands homescreen on a mobile phone screen, on a light blue background

NYT Strands hints and answers for Wednesday, March 12 (game #374)
See more latest
Most Popular
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Wednesday, March 12 (game #374)
Quordle on a smartphone held in a hand
Quordle hints and answers for Wednesday, March 12 (game #1143)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Wednesday, March 12 (game #640)
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
Want to buy an RX 9070 or 9070 XT but fed up of the GPUs being out of stock? AMD promises that “more supply is coming ASAP”
Cowabunga, dude!
Teenage Mutant Ninja Turtles: Shredder’s Revenge, a nostalgic beat-em-up with beautiful pixel graphics, is finally coming to mobile next month
Empirical Health biomarkers
This new health protocol combines 40 smartwatch biomarkers and blood tests to give you a health score
LG C5 OLED T V with forest road and car on screen
LG reveals US pricing for the LG G5 and LG C5 OLED TVs, and it's great news for OLED fans
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Doom: The Dark Ages
Doom: The Dark Ages' director confirms DLC is in the works and says the game won't end the way 2016's Doom begins: 'If we took it all the way to that point, then that would mean that we couldn't tell any more medieval stories'