New York Attorney General Letitia James has filed a lawsuit against National General Holdings Corp. and Allstate Insurance Company, alleging failures in data security that led to two data breaches in 2020 and 2021. The breaches reportedly exposed nearly 200,000 driver’s license numbers, including over 165,000 from New York.

The complaint claims that the companies misrepresented their data protection practices and failed to implement sufficient security measures.

James has developed a reputation for aggressively pursuing corporate misconduct, especially in cases involving consumer protection and data security. While this approach has earned her praise from consumer advocates, critics argue that her high-profile legal actions sometimes place political motivations over pragmatic resolutions, raising questions about whether litigation is always the most effective solution.

Why It Matters: This lawsuit highlights the growing pressure on companies to not only protect sensitive consumer data but also to be transparent about their security practices. If the New York Attorney General prevails, it could establish new legal precedents for how insurers and financial institutions manage data security and communicate with customers. However, the aggressive legal strategy raises questions about whether litigation will lead to meaningful improvements in security or simply result in increased compliance costs without addressing underlying vulnerabilities.

• Alleged Data Breaches: The lawsuit claims that National General’s quoting tools were vulnerable to automated attacks, leading to the exposure of nearly 200,000 driver’s license numbers. The breaches allegedly occurred in 2020 and 2021, but the company reportedly failed to respond promptly.

• Claims of Legal Violations: The Attorney General alleges that National General violated New York’s SHIELD Act, which requires companies to adopt reasonable data protection measures. The lawsuit asserts that the insurance company failed to monitor for unusual activity and safeguard consumer information.

• Misleading Security Assurances: According to the complaint, National General informed customers that their data was secure, despite internal findings of security gaps and vulnerabilities. This allegedly created a false sense of security among consumers.

• Allstate’s Involvement: Allstate, which acquired National General in 2021, is accused of failing to address known security flaws after the acquisition. The lawsuit argues that Allstate’s oversight contributed to the ongoing risks to consumer data.

• Potential Legal and Financial Consequences: The lawsuit seeks financial penalties, restitution for affected consumers, and a court order requiring the companies to improve their data protection measures. The outcome could influence industry standards for data security.

Go Deeper -> State of New York v. National General Holdings Corp – NY AG