Nationwide pays $5.5 Million for multi-state data breach


Nationwide Mutual Insurance and its subsidiary Allied Property and Casualty Insurance just settled with 33 states for $5.5 million over a 2012 multi-state data breach.

The settlement will be used to cover the costs of litigation, the investigation and consumer protection law enforcement, data security improvement, and other fees.

Nationwide’s data breach occurred in September 2012

In September 2012, cybercriminals hacked Nationwide’s system. The criminals stole personal data from 1.27 million clients.

Some of the affected individuals were Nationwide’s customers, but perhaps the most disturbing fact about the breach is that others were only obtaining quotes from Nationwide, yet their data was still stored.

The stolen data included social security numbers, driver licenses, and credit scores.

The hackers gained access to the system by leveraging a flaw in a third-party application.


The data breach could have been prevented

Unfortunately for Nationwide’s affected customers, this entire breach could have been avoided.

The third-party vendor used by Nationwide released a patch for this cybersecurity vulnerability three years prior to the incident. Nationwide failed to apply the patch and instead waited until after the breach to fix the flaw.

The investigation that followed was led by the attorneys general for Washington D.C., New York, Florida, Maryland and Connecticut.

Nationwide’s costly data breach settlement

In addition to paying a fine of $5.5 million, the settlement requires Nationwide to update its security practices to ensure patches are applied in a timely manner.

Moreover, the company is required to hire a Technology Officer tasked with monitoring and managing software and security updates. The technology officer will also supervise employees responsible for evaluating and coordinating maintenance, management and application of security patches.

Over the next three years, Nationwide must update its policies for how personal data is stored, conduct regular inventories of patches and updates, maintain and use tools to monitor the state of security for its systems, and perform internal assessments of patch management practices.

Nationwide will also need to hire a third-party vendor to perform an annual audit of its practices for collecting and storing personal information.


About the author

Phuong Tran

Phuong Tran is a Carnegie Mellon University-Heinz College graduate with a degree in healthcare policy and management. In his spare time he enjoys discovering new restaurants and playing basketball.
