Privacy and consumer protection enforcement actions against insurance companies.
8
Total Actions
$16.9M
Total Fines
Texas Attorney General Ken Paxton has opened an investigation into Superior Insurance for allegedly using private investigators to spy on lawmakers, journalists, and private citizens with pending insurance claims. The company's CEO admitted to these actions at a legislative hearing, citing concerns about blackmail and leveraging information to secure state contracts and avoid paying legitimate claims, particularly for medical bills.
Root Insurance Company's online quoting system exposed plaintext driver's license numbers and personal information, allowing hackers to steal data from approximately 45,000 New Yorkers. The stolen information was used to file fraudulent unemployment claims. Root will pay $975,000 in penalties and implement enhanced data security measures, including a comprehensive security program and improved monitoring.
$975K
New York Attorney General Letitia James filed a lawsuit against National General Holdings Corp and Allstate Insurance Company for failing to protect personal information and notify consumers of data breaches. The breaches exposed driver's license numbers of over 165,000 New Yorkers due to poor cybersecurity. The AG is seeking monetary penalties and an injunction.
Texas Attorney General Ken Paxton filed a lawsuit against Allstate and its subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million consumers without consent. The data, which includes precise geolocation information, was used to justify insurance premium increases. This action alleges violations of the Texas Data Privacy and Security Act (TDPSA).
Connecticut Attorney General William Tong announced a settlement with Integrity Admin Group, Inc. for deceptive home warranty marketing practices. The company will pay $10,000 and cease misleading tactics such as creating false urgency and sending fake checks. The settlement includes injunctive relief to prevent future deceptive practices.
$10K
Premera Blue Cross suffered a data breach in 2014 that exposed personal and medical information of 10.5 million consumers. As part of a multistate settlement, Premera agreed to pay $10 million in civil penalties and implement security improvements and a compliance program. California will receive over $1 million from the settlement.
$10.0M
Aetna, Inc. settled with New Jersey and other states over allegations that it improperly disclosed protected health information of thousands of individuals through mailings that revealed HIV/AIDS status and AFib study participation. The settlement requires Aetna to implement policy reforms, hire an independent consultant, and pay a civil penalty of $365,211.59 to New Jersey.
$365K
Nationwide Insurance settled a multi-state investigation into a 2012 data breach that exposed personal information of 1.27 million consumers due to failure to apply a security patch. The settlement requires enhanced security practices, hiring a Technology Officer, and a $5.5 million payment to the states.
$5.5M