Penalty Amount
$14,200,000
Consumers Affected
825,000
New York Attorney General Letitia James secured $14.2 million in settlements from eight car insurance companies for failing to implement reasonable data security controls, leading to data breaches that exposed over 825,000 New Yorkers' personal information including driver's license numbers and dates of birth. Hackers exploited vulnerabilities in the companies' online quoting tools to steal the data, which was later used to file fraudulent unemployment claims during the COVID-19 pandemic. The settlements require the companies to pay penalties and implement enhanced cybersecurity measures including data inventory maintenance, multifactor authentication, and improved threat response procedures.
The eight settling companies must pay a combined $14.2 million in civil penalties, with individual penalties ranging from $815,000 to $2.8 million per company. All companies are required to implement and maintain a comprehensive information security program, including maintaining a private data inventory, reasonable authentication procedures (such as multifactor authentication), logging and monitoring systems to detect suspicious activity, and enhanced threat response procedures. Affected New Yorkers were offered one year of free credit report monitoring.
In-house legal teams at companies that use online consumer-facing data collection tools (including quoting, pre-fill, or account portals) should review all vendor agreements with data brokers or third-party tool providers to ensure they include mandatory security controls, breach notification requirements, and liability for security failures. Contracts should explicitly require multifactor authentication for agent or employee access, regular security assessments of tools handling private information, and maintenance of comprehensive data inventories. Companies should also update incident response provisions in vendor agreements to align with regulatory expectations for timely breach detection and reporting, and include requirements for logging and monitoring of suspicious activity. For entities in the insurance industry, specific review of agency quoting tool agreements for security warranties and compliance with state cybersecurity regulations is recommended.
Entity
American Family Mutual Insurance Company/Midvale Indemnity Company; Farmers Insurance; Hagerty Insurance Agency; The Hartford Insurance Group; Infinity Insurance Company; Liberty Mutual Insurance; Metromile; State Auto Mutual Insurance Company
Industry
InsuranceOfficial Press Release
https://ag.ny.gov/press-release/2025/attorney-general-james-secures-142-million-car-insurance-companies-over-data
american family mutual insurance company s.i assurance of di
https://ag.ny.gov/sites/default/files/settlements-agreements/american-family-mutual-insurance-company-s.i-assurance-of-discontinuance-2025.pdf
farmers insurance exchange assurance of discontinuance 2025
https://ag.ny.gov/sites/default/files/settlements-agreements/farmers-insurance-exchange-assurance-of-discontinuance-2025.pdf
hagerty insurance agency assurance of discontinuance 2025
https://ag.ny.gov/sites/default/files/settlements-agreements/hagerty-insurance-agency-assurance-of-discontinuance-2025.pdf
hartford fire insurance company assurance of discontinuance
https://ag.ny.gov/sites/default/files/settlements-agreements/hartford-fire-insurance-company-assurance-of-discontinuance-2025.pdf
infinity insurance company assurance of discontinuance 2025
https://ag.ny.gov/sites/default/files/settlements-agreements/infinity-insurance-company-assurance-of-discontinuance-2025.pdf
liberty mutual holdings company assurance of discontinuance
https://ag.ny.gov/sites/default/files/settlements-agreements/liberty-mutual-holdings-company-assurance-of-discontinuance-2025.pdf
metromile llc assurance of discontinuance 2025
https://ag.ny.gov/sites/default/files/settlements-agreements/metromile-llc-assurance-of-discontinuance-2025.pdf
state automobile insurance company assurance of discontinuan
https://ag.ny.gov/sites/default/files/settlements-agreements/state-automobile-insurance-company-assurance-of-discontinuance-2025.pdf
New York Attorney General Enforcement Page
https://ag.ny.gov/press-releases
"The car insurance companies involved in today’s settlements are: American Family Mutual Insurance Company/Midvale Indemnity Company, Farmers Insurance, Hagerty Insurance Agency, The Hartford Insurance Group, Infinity Insurance Company, Liberty Mutual Insurance, Metromile, and State Auto Mutual Insurance Company."
"secured $14.2 million from eight car insurance companies"
"October 14, 2025"
"New York Attorney General Letitia James"
"did not implement reasonable data security controls to protect consumers’ private information"
"more than 825,000 New Yorkers"
$5.0M
New York Attorney General Letitia James secured a settlement with cryptocurrency platform Uphold HQ, Inc. for misleading investors by promoting Cred’s fraudulent CredEarn investment product as a safe, reliable savings option when it involved risky loans to uncreditworthy borrowers. Uphold will pay $5 million to harmed investors, redirect $545,189 in Cred bankruptcy proceeds to affected customers, and implement enhanced due diligence policies for third-party investment products. Uphold must also register as a broker with the Office of the Attorney General.
New York Attorney General Letitia James led a bipartisan coalition of 24 state attorneys general, Puerto Rico, and New York City in sending letters to nine major credit card companies and payment processors urging them to block transactions facilitating illegal vaping product sales. The coalition cites federal and state laws prohibiting unauthorized e-cigarette sales, particularly to youth, and requests collaboration to prevent payment networks from processing such transactions. No enforcement penalties or actions were imposed as part of this initiative.
New York Attorney General Letitia James and Tennessee Attorney General Jonathan Skrmetti, leading a coalition of 40 state attorneys general, secured a jury verdict on April 15, 2026, against Live Nation and Ticketmaster for maintaining illegal monopolies in the live events industry. The jury found the companies engaged in anticompetitive practices including exclusive venue contracts, forcing competitors out of the market, and limiting artist performance choices, resulting in overcharged consumers. Remedies, including potential financial penalties and a monopoly breakup, are pending court approval.
New York Attorney General Letitia James, joined by 16 other states, sued the U.S. Department of Education over a new survey requiring colleges to submit extensive student data, arguing it violates the Administrative Procedure Act and threatens student privacy. The lawsuit seeks to block the mandate and prevent penalties for non-compliance.
A bipartisan coalition of 35 state attorneys general led by New York Attorney General Letitia James sent a demand letter to xAI on January 26, 2026, requiring the company to address its Grok chatbot’s creation and sharing of nonconsensual intimate images, including child sexual abuse material. The AGs demand that xAI implement safeguards to prevent Grok from generating such content, delete existing harmful content, suspend offending users, and give X users control over whether their content can be edited by Grok. No monetary penalty has been imposed as this is a pre-enforcement demand for action.
New York Attorney General Letitia James sent a letter to Instacart demanding information about its use of algorithmic pricing, after a study found users were charged up to 23% more for identical products. The AG warned that Instacart’s pricing disclosures are non-compliant with New York’s Algorithmic Pricing Disclosure Act, which requires prominent notices near product prices when personal data is used to set prices. Instacart must provide details on its pricing experiments, automated tools, and compliance efforts with the state’s disclosure requirements.