New York State has initiated legal action against Allstate Insurance due to significant flaws in website security that exposed personal data in plain text. The issues arose from the National General unit's quoting process, which disclosed sensitive information like driver's license numbers. Cybercriminals exploited these vulnerabilities, harvesting at least 12,000 driver's license numbers to commit fraud related to pandemic and unemployment benefits. Although Allstate claims to have promptly addressed the security vulnerabilities, the damage was already done before they secured the systems.
New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it.
National General intentionally built these tools to automatically populate consumers' entire DLNs in plain text— fully exposed during the quoting process.
Collection
[
|
...
]