Filed Under:Markets, Workers Compensation

Nationwide reaches $5.5M data breach settlement with 33 AGs

States claimed Nationwide and a subsidiary failed to apply a critical security patch to its network that could have protected it from the cyberattack

Nationwide agreed to hire a technology officer responsible for monitoring application and software security as part of the settlement.
Nationwide agreed to hire a technology officer responsible for monitoring application and software security as part of the settlement.

Nationwide Mutual Insurance Co. agreed to a $5.5 million settlement over a 2012 data breach that led to the theft of more than 1 million customers' personal information, attorneys general for 33 states announced Wednesday.

The settlement came after the states claimed Nationwide and a subsidiary failed to apply a critical security patch to its network that could have protected it from the cyberattack. Attorneys general from Connecticut, Florida, New York, Pennsylvania, Texas and Washington, D.C., were among those involved with the settlement.

Related: 5 best practices to avoid a costly data breach

Data from consumers seeking quotes


Hackers were able to gain access to Social Security numbers, driver's license numbers, credit scoring information and other personal data the company collected on consumers seeking quotes, according to New York Attorney General Eric Schneiderman's office. Many of the victims were not ultimately insured by Nationwide.

As part of the settlement, the insurance company agreed to be more transparent about its data collection policy for those that don't become customers, Schneiderman's office said.

"This settlement should serve as a reminder that companies have a responsibility to protect consumers' personal information regardless of whether or not those consumers become customers. We will hold companies to account if they don't," Schneiderman said in a statement, noting that nearly 3,000 New Yorkers were among the victims.

Agreed to improve internal security practices


As part of the agreement, Nationwide will improve its internal security practices, according to the AGs. The company also agreed to more regularly apply security updates, and to hire a technology officer responsible for monitoring application and software security.

Connecticut Attorney General George Jepsen noted state law "requires that anyone in possession of another person's personal information safeguard that data." Nearly 1,000 Connecticut residents were affected by the breach.

Related: No business is totally safe from cyber attacks

In the wake of the breach, Nationwide provided free credit monitoring and identity theft protection to those impacted, in addition to fraud expense coverage up to $1 million and access to credit reports, the AGs noted.

"Consumers in the district and across the nation entrust their personal information to retailers every day," D.C. Attorney General Karl Racine said in a statement. "Data breaches open the door to identity theft, which can have real and devastating consequences for hard-working people, and we hope today's settlement reminds retailers that they have a responsibility to do everything they can to protect consumers' private information."

'Protecting consumer data is something that we take seriously'


In a statement, Nationwide spokesman Eric Hardgrove said the company was "pleased" with the settlement over the data breach caused by "a sophisticated, criminal attack" that the company "took immediate steps to successfully contain." The settlement itself "does not include any allegations that we violated data security laws" as the insurance company does not believe any such laws were violated.

Related: 5 cybersecurity problems facing mid-size insurance companies

"The decision to enter into a settlement agreement reflects our desire to continue our strong cybersecurity program and to concentrate on our core business operations," Hardgrove said. "Protecting consumer data is something that we take seriously. We believe a private/public partnership would be the best approach to combat cyberattacks on U.S. companies, and we are pleased Nationwide is at the forefront of this approach."

B. Colby Hamilton is a New York-based financial and white-collar litigation reporter for the New York Law Journal and Law.com. Contact Colby at chamilton@alm.com. On Twitter: @bcolbyhamilton.

Originally published on New York Law Journal. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Related

Could Nationwide’s Security Breach Happen to Any Insurer?

The security breach of Nationwide Insurance last week is the last thing anyone in the business world wants to announce....

Featured Video

Most Recent Videos

Video Library ››

Top Story

Oh, deer! What drivers should know about animal collisions

One-third (34%) of all animal collision comprehensive claims are filed during the fall, according to Farmers Insurance.

Top Story

5 dated insurance business tools, technologies

Accelerating insurance industry innovation will mean moving away from the same old business processes.

More Resources

Comments

eNewsletter Sign Up

Workers' Comp Watch eNewsletter

Receive critical business insights into issues related to worker's comp insurance. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.