- New York’s court lawyer filed a lawsuit against Allstate for two data violations
- The case says the company did not notify customers and the attacking government
- Allstate denied any wrongdoing and said it was dealing with the problem correctly
The US insurance giant Allstate has been hit by a lawsuit for allegedly losing sensitive customer data and not notifying the victims of what had happened.
The State of New York has sued Allstate’s national general entity, with Attorney General Latitia James filing the trial in a state law in Manhattan and claiming that the company’s slack security practice resulted in two data violations, one in 2020, and one in 2021, which was not even reported on the trial. The first violation that happened between August and November 2020 apparently affected 12,000 individuals (9,100 New Yorkers). National General did not find the attack for two months and never informed concerned customers or state agencies of the attack.
The second attack, which occurred in February 2021, affected another 187,000 customers (155,000 New Yorkers) and took place after Allstate acquired the National General in January 2021 for approx. $ 4 billion.
Violation of Stop Hacks Action
These two attacks, and the way Allstate (failed to) cope with them are contrary to the state’s stophacks and improves the electronic data security law, argued James. Furthermore, the company violated state consumer protection laws by misleading its customers about its data security practices.
Now James is looking for civilian files of $ 5,000 per day. Violation plus other remedies, Pakinomist added.
“The National General’s weak cyber security excellent hackers to steal New Yorkers’ personal data, not once but twice,” James said. “It is important that companies take cyber security seriously to protect consumers from fraud and identity theft.”
In his statement, AllState refused all the wrongdoing and claimed to have dealt with the events in a timely, proper way.
“We solved this problem many years ago and immediately secured our systems after finding vulnerabilities in online citing tools that could have exposed the driver’s license numbers,” it said. “We immediately notified regulators, contacted potentially affected consumers and offered free credit monitoring as a caution.”
Via Pakinomist
