New York – In a stark reminder of the consequences of lax cybersecurity, Root Insurance has been hit with a $975,000 fine for a data breach that exposed the personal information of nearly 45,000 New Yorkers. The Attorney General’s office identified this as part of an industry-wide effort to steal sensitive data from online insurance applications.
According to AG Letitia James, the breach allowed hackers to obtain driver’s license numbers and dates of birth, which were then used to file fraudulent unemployment claims amidst the COVID-19 pandemic. ‘When companies have poor data security practices, they put individuals at risk of identity theft and other fraud,’ said AG James. ‘Today’s settlement should send a message to companies that my office will take action to protect New Yorkers’ private information.’
Root, an insurance company not operating in New York, was found to have exposed full driver’s license numbers in a PDF generated from auto quote processes. The Office of the Attorney General (OAG) discovered that Root failed to perform adequate risk assessments and did not identify the plain text exposure of consumer personal information, resulting in significant vulnerabilities.
Attorney General James has been a vocal advocate for stronger cybersecurity measures, securing $5.1 million from GEICO and Travelers, as well as $500,000 from Noblr, for similar data security failures. Today’s settlement raises the total amount secured to over $6.57 million.
In addition to the fine, Root is now required to enhance its data security measures, including maintaining a comprehensive information security program, developing and maintaining a data inventory of private information, maintaining reasonable authentication procedures, and implementing a logging and monitoring system to detect suspicious activity.
This case underscores the ongoing struggle against cybercriminals who exploit vulnerabilities in our digital systems. AG James’ office remains committed to holding companies accountable for their role in such breaches and ensuring that New Yorkers’ sensitive information is protected.
Related Federal Cases
- Wojeski & Company Hit with $60K Penalty for Data Breach · New York
- St. Margaret’s Center Hit with $1.3M Fine for Resident Neglect · New York
- Bausch and Lannett Hit with $17.85M Fine for Generic Drug Price Fixing · New York
- OrthopedicsNY Fined $500K for Patient Data Breach · New York
- NY-Presbyterian Hudson Valley Hospital Hit with $616K Fine for Illegal Kickback Scheme · New York
Key Facts
- State: New York
- Agency: NY AG
- Category: Cybercrime|Public Corruption|White Collar Crime
- Source: Official Source ↗
🔒 Get the grimiest stories delivered weekly. Subscribe free →
Browse More
