Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Nationwide settles data breach suit for $5.5 million

Reprints
Nationwide settles data breach suit for $5.5 million

Nationwide Mutual Insurance Co. and a subsidiary have reached a $5.5 million settlement with 33 state attorneys general over an October 2012 data breach that resulted in the loss of personal information belonging to 1.27 million consumers.

The data lost in the breach involving Columbus, Ohio-based Nationwide and subsidiary Allied Property & Casualty Insurance Co. included customers’ gender, occupations, employer names and addresses, driver’s license numbers, Social Security numbers, marital status, dates of birth and Nationwide internal credit-related scores, according to the settlement agreement, which was announced by New York Attorney General Eric Schneiderman on Wednesday.

The breach occurred on Oct. 3, 2012, when hackers exploited a vulnerability in the insurers’ web application-hosting software, according to the settlement agreement.

After the data was breached, Nationwide addressed the software vulnerability by applying a software patch that had not been previously applied, according to the settlement agreement.

In addition, to paying $5.5 million, Nationwide agreed to appoint a “patch policy supervisor” whose duties will include, for a period of three years, being responsible for software and application security updates, according to the settlement agreement.

“Nationwide demonstrated true carelessness while collecting and retaining information from prospective customers, needlessly exposing their personal data in the process,” Mr. Schneiderman said in a statement. “This settlement should serve as a reminder that companies have a responsibility to protect consumers’ personal information regardless of whether or not those consumers become customers. We will hold companies to account if they don’t.”

Nationwide said in a separate statement that it “is pleased to have reached a settlement that we believe is consistent with our longstanding commitment to protect customer information.”

The insurer said, “The settlement agreement does not include any allegations that we violated data security laws. We believe that we have not violated such laws and that at all times our computer security has been compliant with data security laws.

“The decision to enter into a settlement agreement reflects our desire to continue our strong cybersecurity program and to concentrate on our core business operations. Protecting consumer data is something that we take seriously,” the statement said.

“We believe a private/public partnership would be the best approach to combat cyber attacks on U.S. companies, and we are pleased Nationwide is at the forefront of this approach.”

 

 

 

Read Next

  • Anthem to pay record $115M to settle lawsuits over data breach

    (Reuters) — Anthem Inc., the largest U.S. health insurance company, has agreed to settle litigation over a hacking in 2015 that compromised about 79 million people's personal health information for $115 million, which lawyers said would be the largest settlement ever for a data breach.