New York attorney general files complaint over insurance data breaches
On March 1, New York State Attorney General Letitia James filed a complaint in the Supreme Court of the State of New York against a group of insurance companies and a parent corporation. The complaint alleged these companies engaged in unlawful, fraudulent and deceptive conduct related to data security breaches. In 2020 and 2021, the insurance companies suffered two data breaches that exposed the driver license numbers of more than 165,000 New Yorkers, which the complaint alleged were due to vulnerabilities in the company’s online auto insurance quoting tools. The complaint alleged the companies intentionally designed these tools to display consumers’ driver license numbers in plain text without proper authentication, making them susceptible to attacks, and that the breaches resulted from the failure to implement reasonable data security safeguards. Furthermore, the companies failed to notify affected consumers and relevant state agencies promptly, violating state data breach notification laws. The complaint also claimed the companies misrepresented their data security practices to consumers, violating New York’s consumer protection laws. The complaint seeks injunctive relief, damages, civil penalties, and other equitable relief for these violations.