NY Attorney General Takes Legal Action Against Allstate for Cybersecurity Failures

March 10, 2025

New York state has filed a lawsuit against Allstate’s (ALL.N) National General unit, alleging the insurer failed to properly disclose a data breach that compromised the driver’s license numbers of hundreds of thousands of individuals. According to Reuters, the lawsuit, led by New York Attorney General Letitia James, was submitted in a Manhattan state court and seeks civil penalties for the alleged lapses in data security and reporting.

Per Reuters, the case stems from two consecutive cyberattacks in 2020 and 2021, in which hackers exploited vulnerabilities in National General’s online auto insurance quoting system. These breaches exposed the personal information of over 165,000 New Yorkers and nearly 200,000 individuals nationwide.

The complaint asserts that National General failed to notify affected drivers or relevant state authorities about the initial breach, which occurred between August and November 2020. It further claims that the company took approximately three months to detect a second breach in January 2021, signaling deficiencies in its cybersecurity measures.

According to Reuters, New York state contends that National General violated the Stop Hacks and Improve Electronic Data Security (SHIELD) Act by neglecting to implement adequate protections for customer data. The lawsuit also accuses the insurer of violating consumer protection laws by misleading customers regarding the security of their personal information.

Allstate, headquartered in Northbrook, Illinois, acquired National General for approximately $4 billion in January 2021. The lawsuit marks a significant legal challenge for the insurer, as state officials seek to hold companies accountable for cybersecurity shortcomings and failure to comply with data protection regulations.

As the case progresses, it could set a precedent for how insurers and financial institutions handle cybersecurity breaches and consumer notifications, reinforcing the importance of stringent data protection measures in an increasingly digital landscape.

Source: Reuters