NEW YORK – Two insurance giants, National General and Allstate Insurance Company (Allstate), are facing a blistering lawsuit from New York Attorney General Letitia James over a pair of catastrophic data breaches that left the driver’s license numbers of over 165,000 New Yorkers exposed to online predators. The breaches, occurring in 2020 and 2021, weren’t just accidents; they were the direct result of negligent data security practices, according to the Attorney General’s office.
The initial breach in 2020 centered around National General’s online quoting websites – systems designed to spit out instant auto insurance quotes. But these websites had a fatal flaw: they displayed full driver’s license numbers in plain text, practically begging to be scraped by malicious actors. Nearly 12,000 individuals, including over 9,100 New Yorkers, had their sensitive information compromised. National General took *two months* to even realize they’d been hit, a delay attributed to pathetic monitoring and a complete lack of defenses against automated attacks.
Here’s where it gets worse. Instead of immediately notifying affected consumers and alerting state agencies, National General swept the problem under the rug. They then *continued* to leave driver’s license numbers exposed on a separate quoting website used by independent insurance agents, a system just as vulnerable as the first. Predictably, hackers came back for a second helping in February 2021, compromising the data of an additional 187,000 consumers – roughly 155,000 of them New Yorkers.
The buck didn’t stop there. Even after The Allstate Corporation acquired National General and took control of its data security, the failures persisted. Attorney General James is alleging that Allstate inherited a mess and did little to clean it up. Driver’s license numbers, as anyone with half a brain knows, are gold to identity thieves, enabling everything from fraudulent benefit claims to full-blown identity theft. New York law demands companies protect this data, and the Attorney General argues National General flagrantly ignored that responsibility.
“National General’s weak cybersecurity emboldened hackers to steal New Yorkers’ personal data, not once but twice in two separate cyberattacks,” Attorney General James stated bluntly. “National General mishandled New Yorkers’ personal information and violated the law by failing to inform them that their data was stolen. It is crucial that companies take cybersecurity seriously to protect consumers from fraud and identity theft, and my office will always hold those who fail to do so accountable.”
The Attorney General is seeking penalties for National General’s negligence, an injunction to prevent further violations, and a court order forcing them to implement robust data security measures. This case serves as a stark warning: in the digital age, lax cybersecurity isn’t just bad business – it’s a crime. This is Attorney General James.
Related Federal Cases
- OrthopedicsNY Hit with $500K Fine for Data Breach · New York
- Insurers Hit With $14.2M Fine For Data Heist · New York
- Nigerian National Sentenced for $6.3M Business Email Compromise Scheme · Alaska
- Buffalo Man Wul Isaac Chol Pleads Guilty to Buying Stolen Data · New York
- Chinese National Sentenced to Up to 10 Years for Stealing Electric Vehicle Trade Secrets · Texas
Key Facts
- State: New York
- Agency: NY AG
- Category: Cybercrime
- Source: Official Source ↗
🔒 Get the grimiest stories delivered weekly. Subscribe free →
Browse More
MORE FEDERAL CRIME NEWS
CybercrimeCybercrimeCybercrimeCybercrime