Two days after a State Farm auto insurance customer made a payment on their insurance policy over the phone, the customer called State Farm back to report that their credit card information had been misused. State Farm investigated, and one month later, on September 4, the insurer notified the Maryland Attorney General’s Office that they had discovered 11 confirmed cases where the after-hours call center employee involved in that customer’s transaction had misused customers’ credit card information.
Having found 11 instances of confirmed misused of credit card data, State Farm decided to notify all 687 customers whose phone payments had been handled by that call center employee.
Stunningly (to me, anyway), State Farm did not offer those affected any free services – including credit restoration services for those whose credit card information had been misused.
I seem to be seeing more cases this year where breached entities are not offering any free services. That may just be a misimpression on my part, but if you know credit card information was misused, I would think some offer of free services is definitely in order.