Several insurance companies operating under the names National General and Allstate are currently facing a lawsuit filed by the New York State Attorney General, who claims they did not adequately safeguard consumers’ personal information.
According to the lawsuit, National General did not inform affected consumers about a data breach that occurred in 2021, failed to assess whether sensitive data was compromised in other areas of its system, and permitted a larger breach to occur in 2022, as stated in a press release from the Attorney General’s Office on March 10.
The lawsuit also contends that National General did not establish sufficient data security measures, both prior to and following Allstate’s takeover of its data security operations, as mentioned in the release. Allstate completed its $4 billion acquisition of National General Holdings Corp. in January 2021, as noted in a previous press release.
“National General’s weak cybersecurity emboldened hackers to steal New Yorkers’ personal data, not once but twice in two separate cyberattacks,” New York Attorney General Letitia James said in the release. “National General mishandled New Yorkers’ personal information and violated the law by failing to inform them that their data was stolen.”
Reached by PYMNTS, Allstate said in an emailed statement: “We resolved this issue years ago, promptly securing our systems after finding vulnerabilities in online quoting tools that could have exposed driver’s license numbers. We promptly notified regulators, contacted potentially affected consumers and offered free credit monitoring as a precaution.”
National General has not yet responded to PYMNTS’ request for a comment. The Office of the Attorney General’s press release states that the initial data breach affected the driver’s license numbers of nearly 12,000 individuals, while a subsequent breach impacted an additional 187,000 consumers. The lawsuit aims for penalties and an injunction to prevent any ongoing violations, according to the release.
“Under New York law, companies that own or license New Yorkers’ private data must take appropriate steps to secure it,” the release said.
In December, PYMNTS reported that data breaches compromised millions of user records in 2024. These incidents were among the most advanced and harmful attacks ever recorded, highlighting the weaknesses in an increasingly digital environment.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
