1. Forum
  2. FidoNet
  3. POLITICS

  • Allstate sued for exposin

    From Mike Powell@1:2320/105 to All on Wed Mar 12 08:34:00 2025
    Allstate sued for exposing personal customer information in plaintext

    Date:
    Tue, 11 Mar 2025 15:04:00 +0000

    Description:
    Allstate denies any wrongdoing over alleged data breaches.

    FULL STORY ======================================================================
    - New York's Attorney General filed a lawsuit against Allstate for two data breaches
    - The suit says the company did not notify customers and the government of
    the attacks
    - Allstate denied any wrongdoing, saying it addressed the issue properly

    US insurance giant Allstate has been hit with a lawsuit for allegedly losing sensitive customer data and not notifying victims about what had happened.

    The State of New York has sued Allstates National General unit, with Attorney General Letitia James filing the lawsuit in a state court in Manhattan, claiming the companys lax security practices resulted in two data breaches , one in 2020, and one in 2021, which werent even reported on until the
    lawsuit. The first breach, which happened between August and November 2020, apparently affected 12,000 individuals (9,100 New Yorkers). National General did not spot the attack for two months, and never notified affected
    customers, or state agencies of the attack.

    The second attack, which happened in February 2021, affected an additional 187,000 customers (155,000 New Yorkers), and occurred after Allstate acquired National General in January 2021 for roughly $4 billion.

    Violating the Stop Hacks act

    These two attacks, and the way Allstate (failed to) tackled them, is in violation of the states Stop Hacks and Improve Electronic Data Security Act, James argued. Furthermore, the company violated state consumer protection
    laws, by misleading its customers about its data security practices.

    Now, James seeks civil files of $5,000 per violation, plus other remedies, Reuters added.

    "National General's weak cybersecurity emboldened hackers to steal New
    Yorkers' personal data, not once but twice," James said. "It is crucial that companies take cybersecurity seriously to protect consumers from fraud and identity theft."

    In its statement, Allstate denied all wrongdoing and claimed to have
    addressed the incidents in a timely, proper fashion.

    "We resolved this issue years ago, promptly securing our systems after
    finding vulnerabilities in online quoting tools that could have exposed drivers' license numbers," it said. "We promptly notified regulators,
    contacted potentially affected consumers and offered free credit monitoring
    as a precaution."

    Via Reuters

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/allstate-sued-by-exposing-personal-cust omer-information-in-plaintext

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)