Nationwide Mutual Insurance Co. has agreed to pay $5.5 million to settle legal actions brought by Connecticut and 30 other states over a 2012 computer hacking case that exposed personal data of 1.2 million consumers.
Connecticut’s share of the settlement is $256,559, and state Attorney General George Jepsen said the money will be deposited in Connecticut’s general fund, which should help out a tiny bit with the state’s budget deficit.
The data breach occurred on Oct. 3, 2012 when hackers “exploited a vulnerability” in web software used by Nationwide and its subsidiary, Allied Property & Casualty Insurance Co., according to Jepsen’s office.
“The state’s investigation found that Nationwide had failed to apply a critical software patch that the third-party software company had deployed in 2009 to address the vulnerability,” according to state officials.
The data breach gave the hackers access to all kinds of personal information on consumers, from Social Security numbers and drivers’ license numbers to marital status and dates of birth. State officials say personal data on 774 Connecticut residents was exposed to the hackers.
“Connecticut law requires that anyone in possession of another person’s personal information safeguard that data,” Jepsen said.
In additional to the monetary settlement, Nationwide has agreed to provide consumers with more information about data collection practices, including that it may retain personal data on applicants even if those individuals never actually become insured by Nationwide or its subsidiaries.
Nationwide also agreed to strengthen its safeguards over computer storage of, and…
click here to read more.