
Allstate Insurance Dropped the Ball on Ensuring Data Security

More news of unencrypted, plaintext data from a major organization being left in the open for cyber criminals. This time it is not merely a set of discarded hard drives at a random Netherlands air base: the state of New York is suing insurance giant Allstate for its lack of digital cyber hygiene, namely websites that left personal information completely exposed in plaintext. This suit follows a Texas suit against the insurer, accusing it of illicitly collecting data on millions of motorists.

  

According to an email reply sent to The Register, this data exposure was an issue Allstate believed to be resolved in 2020, yet by that point around 12,000 drivers had their personal data stolen.  Intruders were able to exploit the flaws in consumer quoting tools, which acted as a sort of background check for those who entered their names and addresses; the site then searched a database whose results fully displayed these names, addresses, and associated license plate numbers.

Court documents claim that “attackers identified this vulnerability and targeted these quoting tools” to steal the data and “submit fraudulent claims for pandemic and unemployment benefits.” A further 187,000 people were compromised in another incident that involved a similar quote-generating tool. Agents received plaintext passwords via unencrypted emails, and multi-factor authentication was not required for portal access.

Some organizations out there may feel that encryption is a luxury tool, nice to have but not needed, and that business operations will proceed more smoothly without it, even in the event of a data breach, than if they work to ensure proper data security hygiene and encryption. Perhaps they’re banking on a simple slap on the wrist if they’re caught slacking. That’s why major firms like Allstate, and even smaller providers like the now defunct ex-owners of those hard drives, seem comfortable forgoing encryption. Of course, next thing you know, you’re in the middle of multiple class action suits that could have easily been prevented.

The reality is, keeping your data secure doesn’t require breaking the bank or hiring an army of cybersecurity experts. With the right approach, robust encryption is well within reach for businesses of any size.

For an affordable price and with simple installation, NetLib Security’s Encryptionizer solution makes it a breeze to lock down your stored data against cyber threats and accidental exposure. Whether your systems are on-premises, virtualized, or in the cloud, Encryptionizer integrates seamlessly without any complex coding or performance hits. 

As we start to register more of these shocking headlines of blatantly omitted consumer data protections, it’s imperative to avoid becoming the next story of data security negligence.
