Nationwide Mutual Insurance Co. has agreed to pay $5.5 million to close a multistate data breach investigation, attorneys general from several states announced Aug. 9.
Companies that allegedly fail to properly install software security updates to harden their computer networks against cyberattacks run the risk of enforcement actions by state attorneys general.
In 2012, hackers accessed personal information, including Social Security and driver’s license numbers, of some 1.27 million customers of Nationwide and its subsidiary, Allied Property & Casualty Insurance Co., and other consumers by exploiting a third-party web application vulnerability, according to allegations in the settlement.
The companies “failed to apply a critical software patch that the third party software company had deployed in 2009 to address the vulnerability,” Connecticut Attorney General George Jepsen (D) said in a statement. Connecticut, the District of Columbia, Florida, and Maryland led the investigation, with 29 other states joining the settlement.
Under the no-fault agreement, Nationwide agreed to improve its data security; ensure that software is up-to-date; and hire a technology officer to monitor and manage security updates, and supervise employees responsible for software.
Many of the consumers whose data was compromised weren’t insured by Nationwide, but the company retained their data to provide additional quotes at a later date. The settlement requires Nationwide to disclose to consumers that it retains their personal information, even if they don’t become customers.
“It is critically important that companies take seriously the maintenance of their computer software systems and their data security protocols,” Jepsen said.
A spokesman for Nationwide said in a statement provided to Bloomberg BNA that the company’s “decision to enter into a settlement agreement reflects our desire to continue our strong cybersecurity program and to concentrate on our core business operations. Protecting consumer data is something that we take seriously. We believe a private/public partnership would be the best approach to combat cyber-attacks on U.S. companies.”
To contact the reporter on this story: Aaron Nicodemus in Boston at firstname.lastname@example.org
To contact the editor responsible for this story: Donald Aplin at email@example.com
The settlement agreement is available at http://src.bna.com/rwx.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.