Repairer Driven News
« Back « PREV Article  |  NEXT Article »

Progressive could settle alleged data breach for $3.25 million

By on
Insurance | Legal
Share This:

The terms of a data breach settlement involving Progressive could be finalized on Feb. 25.

The proposed $3.25 million agreement would settle a class action lawsuit against Progressive that alleges a “massive and preventable” data breach of the personally identifiable information (PII) of more than 347,000 individuals.

The complaint states the compromised PII included names, addresses, social security numbers, driver’s license numbers, and financial information. Plaintiffs state the data was compromised due to Progressive’s inadequate data security procedures, protocols, and practices.

“Defendant betrayed the trust of plaintiff and the other class members by failing to properly safeguard and protect their personally identifiable information, thereby enabling unauthorized individuals to view and steal their valuable and sensitive information,” the complaint states.

Progressive was notified on May 19, 2023 that some of its third-party service provider’s employees improperly shared their access credentials with unauthorized individuals who purportedly performed the employees’ call center job duties, according to the complaint.

In early August 2023, Progressive sent notices to customers whose PII may have been viewed without authorization and offered them two years of a credit and identity monitoring service provided by Experian.

“Progressive investigated the attack with the assistance of third-party computer specialists. Thus, the unauthorized individuals had access to the personal and confidential information of some of Progressive’s customers. Progressive did not disclose how many individuals had unauthorized access to the confidential information… Progressive divulged that the earliest date of employment of any of the potentially involved employees by the third-party service provider was May 2021 but most were hired during or after the fall of 2022. Thus, the breach occurred for years.”

The complaint contends the unauthorized individuals obtained everything they needed to commit identity theft and fraud and “wreak havoc on the financial and personal lives of hundreds of thousands of individuals.”

Following extensive negotiations and mediation, the parties came to the proposed settlement, according to the proposed settlement agreement.

“Defendant denies all claims asserted against it in the litigation, denies all allegations of wrongdoing and liability, and denies all material allegations of the complaint,” the agreement states. “The parties desire to settle the litigation, the allegations, and/or subject matter of
the complaint, and all claims arising out of or related to the security incident on the terms and conditions set forth herein for the purpose of avoiding the burden, expense, risk, and uncertainty of continued litigation.

“The parties agree and understand that neither this settlement agreement nor the settlement it represents, shall be construed as an admission by defendant of any wrongdoing whatsoever, including an admission of a violation of any statute or law or of liability on the claims or allegations in the litigation or otherwise relating to the security incident, or that any such claims would be suitable for class treatment.”

The deadline for the settlement class to submit a claim is Feb. 18.

In November, GEICO and Travelers Indemnity Co. were fined $11.3 million in penalties by the Office of the New York Attorney’s General Office (OAG) and Department of Financial Services (DFS) for poor data security, which led to the personal information of more than 130,000 New Yorkers being compromised.

An OAG investigation found that both companies did not implement sufficient data security controls prior to an industry-wide campaign by hackers to steal consumers’ personal information including driver’s license numbers and dates of birth from auto insurance quoting applications, according to a news release. It says the hackers used the information to file fraudulent unemployment claims during the COVID-19 pandemic.

Images

Featured image credit: JHVEPhoto/iStock

Share This: