Group of professionals discuss finance

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Banking and Finance Law Daily, August 10, 2017

Nationwide Mutual Insurance agrees to pay $5.5 million for data breach

By J. Preston Carter, J.D., LL.M.

Thirty-two states have reached an agreement with Nationwide Mutual Insurance Company in which the company will pay $5.5 million concerning a 2012 data breach that resulted in the loss of personal information belonging to 1.2 million companies. The states allege that the breach was caused by the failure to apply a critical security patch intended to prevent hacking or viral infection, violating a number of state consumer protection acts. The breach included Social Security numbers, driver’s license numbers, credit scoring information, and other personal data initially collected to provide insurance quotes to consumers applying for Nationwide insurance plans, many of whom did not ultimately become insured by the company.

In his announcement of the settlement, New York State Attorney General Eric Schneiderman said, "Nationwide demonstrated true carelessness while collecting and retaining information from prospective customers, needlessly exposing their personal data in the process. This settlement should serve as a reminder that companies have a responsibility to protect consumers’ personal information regardless of whether or not those consumers become customers."

The settlement requires Nationwide to take a number of steps to update its security practices and ensure the timely application of patches and other updates to its security software. Also, it must hire a technology officer responsible for monitoring and managing software and application security updates, including supervising employees responsible for evaluating and coordinating the maintenance, management, and application of all security patches and software and application security updates.

Although many of the affected consumers never became insured by Nationwide, the company retained their data in order to more easily provide the consumers re-quotes at a later date. Therefore, the settlement requires Nationwide to be more transparent about its data collection practices, including by disclosing to consumers that it retains their personal information, even if they do not become its customers.

Companies: Nationwide Mutual Insurance Company

MainStory: TopStory EnforcementActions CyberPrivacyFeed IdentityTheft NewYorkNews Privacy StateBankingLaws

Back to Top

Banking and Finance Law Daily

Introducing Wolters Kluwer Banking and Finance Law Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.

A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.