DataBreaches.Net

NJ Attorney General Porrino Announces Multi-State Settlement With Nationwide Insurance over Consumer Data Breach

Posted on August 9, 2017 by Dissent

Attorney General Christopher S. Porrino announced today that New Jersey, along with 31 other states and the District of Columbia, has entered into a settlement with Nationwide Mutual Insurance Company that resolves allegations linked to a data breach that compromised the personal identifying information of more than a million consumers.

The multi-state settlement, which also includes Nationwide subsidiary Allied Property and Casualty Insurance Company, flows from an investigation by the participating states into a 2012 data breach that resulted in the loss of social security numbers, driver’s license numbers, credit scoring information and other personal data belonging to 1.27 million consumers.

The states alleged that the October 2012 breach was caused by Nationwide’s failure to apply a critical security patch to its data system, which contained personal information collected by the company in order to provide insurance quotes. The breach affected both consumers who were insured by Nationwide and persons who had sought quotes but never became insured by the company.

“This is an important settlement for consumers in New Jersey and across the nation, because it requires Nationwide to take specific steps designed to enhance its security measures and better protect the personal information of customers and prospective customers,” said Attorney General Porrino. “We live in a world where, for most consumers, it’s difficult if not impossible to avoid having their personal information end up stored in multiple databases. Businesses that collect and keep such data have a duty to safeguard the information. When they fail to do so – when they fail to exercise the appropriate level of care in storing consumer data — our commitment is to hold them accountable.”

The settlement announced today requires Nationwide to take a variety of steps to both generally update its security practices and to ensure the timely application of patches and other updates to its security software.

Nationwide also must hire a Technology Officer responsible for monitoring and managing software and application security updates — including supervising employees responsible for evaluating and coordinating the maintenance, management, and application of all security patches and software and application security updates.

In addition, Nationwide has agreed to take steps during the next three years to strengthen its security practices, including:

  • Updating its procedures and policies relating to the maintenance and storage of consumers’ personal data.
  • Conducting regular inventories of the patches and updates applied to its systems used to maintain consumers’ personal identifying information.
  • Maintaining and utilizing system tools to monitor the health and security of its systems used to maintain personal identifying information.
  • Performing internal assessments of its patch management practices and hiring an outside, independent provider to perform an annual audit of its practices regarding the collection and maintenance of personal identifying information.

Although many consumers whose data was lost as a result of the 2012 breach never became Nationwide customers, the company retained their data in order to more easily provide them re-quotes at a later date.

The multi-state settlement requires Nationwide to be more transparent about its data collection practices by disclosing to consumers that it retains their personal identifying information even if they do not become Nationwide customers. In addition to its injunctive terms, the settlement calls on Nationwide to make a total payment of $5.5 million to the participating states. New Jersey’s share is approximately $101,000.

In addition to New Jersey, the Nationwide settlement has been joined by the Attorneys General of Alaska, Arizona, Arkansas, Connecticut, Florida, Hawaii, Illinois, Indiana, Iowa, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Mississippi, Missouri, Montana, Nebraska, Nevada, New Mexico, New York, North Carolina, North Dakota, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Vermont, Washington, and the District of Columbia.

Deputy Attorney General Patricia Schiripo, Assistant Section Chief of the Division of Law’s Consumer Fraud Prosecution Section, handled the Nationwide matter on behalf of the State.

Source: New Jersey Attorney General

Category: Business Sector, Of Note
