Excerpt from PYMNTS Article, Published on Mar 10, 2025.
New York has filed a lawsuit against Allstate and National General Insurance after two major data breaches exposed sensitive consumer information, raising concerns about data security practices within large insurance companies. The New York State Attorney General alleges that Allstate and its acquired subsidiary, National General Insurance, failed to safeguard customers’ personal data, violating data protection laws. The lawsuit follows two significant breaches, with the first occurring in 2021, compromising nearly 12,000 driver’s license numbers, and a second, larger breach in 2022, affecting an additional 187,000 consumers.
The Office of the Attorney General asserts that National General Insurance failed to notify affected customers after the 2021 breach and did not assess whether other sensitive data was exposed. Despite Allstate acquiring National General in 2021 for $4 billion, the company’s security measures reportedly remained weak, leading to the subsequent breach in 2022. According to Attorney General Letitia James, National General’s failure to implement robust cybersecurity measures enabled hackers to target consumers’ personal data twice. “National General Insurance’s weak cybersecurity emboldened hackers to steal New York residents’ personal data,” she stated. In response, Allstate issued a statement clarifying that they had resolved the issue by securing their systems and notifying potentially affected customers. However, the New York Attorney General insists that both insurance companies failed to act in accordance with state data protection laws.
The lawsuit demands penalties against Allstate and National General and seeks an injunction to prevent any future data security violations. Under New York law, insurance companies must implement robust security measures to protect consumer data. This case highlights the growing challenges for insurance companies in protecting sensitive customer information amidst evolving cyber threats. With Allstate and National General Insurance under scrutiny, other insurance companies may face increased pressure to strengthen their cybersecurity frameworks.
To delve deeper into this topic, please read the full article PYMNTS.
