Documents filed with the suit allege USAA failed to protect the information it pulled from motor vehicle records, like drivers’ license numbers, to use in its quoting system. (Credit: Tada Images/Adobe Stock)
USAA has reportedly agreed to pay a $3.25 million settlement related to a data breach in 2021, though the insurer maintains its innocence in the case.
Though the settlement agreement was sealed by a judge, My San Antonio (MySA) obtained a copy of a proposed settlement agreement that they say sheds some light on how the settlement may have shaken out.
Documents filed with the suit allege USAA failed to protect the information it pulled from motor vehicle records, like driver's license numbers, to use in its quoting system. Vincent Dolan, who originally filed the suit, stated these actions allowed a stranger to access his identifying information, which was then used to start a USAA membership without his knowledge.
MySA reports that Dolan was unaware that his information had been stolen until USAA sent out a letter notifying him of a data breach in 2021. He filed suit in July 2021, and since then more than 22,000 people joined the class action.
While Dolan will likely receive that largest payout – possibly up to $10,000 – the other claimants will likely receive around $100 each.
This isn’t USAA’s only brush with data breach issues this year. In August, the insurer sent a notice to policyholders detailing a data incident that occurred in April due to an internal error that reportedly impacted the personal information of 32,000 people. The notice states:
“On April 30, 2024, we became aware of a system error that occurred during a routine update to our document delivery system. As a result of the error, some documents for members with property and casualty insurance products through USAA were inadvertently posted to another member’s online account. Upon learning of the error, USAA promptly took corrective steps to remove the inadvertently posted documents and commenced an investigation of the incident. Based on our investigation, which concluded on July 31, 2024, we determined that some of your personal information may have been inadvertently disclosed to another USAA member.”
The notice claims USAA corrected the error upon its discovery.
According to ClassAction.org, the carrier faces a proposed class action suit over this situation. A 62-page filing on the matter states that this breach may have compromised customers’ names, addresses, emails, birth dates, social security numbers, driver’s license numbers, passport numbers, vehicle VINs, policy details, loan numbers and medical information. The suit blames the incident on negligence from USAA.
The plaintiff in the suit says he was informed by his bank that his private data had been posted to the dark web, which led to around $950 in fraudulent charges to his credit card in August 2024. He attributes this to the USAA data breach.
The suit argues that USAA did not inform customers of the incident in a timely manner. The insurer reportedly waited until August to inform customers about the breach, despite the error being discovered in April. More information about that class action can be found here.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.