1. Website Planet
  2. >
  3. News
  4. >
  5. New York State Sues Allstate Over 2020, 2021 Data Breaches
New York State Sues Allstate Over 2020, 2021 Data Breaches

New York State Sues Allstate Over 2020, 2021 Data Breaches

Andrés Gánem Written by: Andrés Gánem
Maggy Di Costanzo Reviewed by: Maggy Di Costanzo
Last updated: March 18, 2025
New York Attorney General Letitia James filed a lawsuit against National General Insurance and its parent company, Allstate. The suit alleges they failed to prevent two data breaches that affected over 165,000 state residents and nearly 200,000 individuals worldwide, according to a March 10 press release.

The breaches took place in 2020 and 2021 when hackers exploited National General’s online quoting tools to access customers’ names and driver’s license numbers. “Driver’s license numbers are valuable to cyber-criminals and can be used to commit various forms of fraud, including identity theft and government benefits fraud,” James said.

The lawsuit claims National General failed to detect the first breach – which took place between August and November 2020 – for two months. After discovering the breach, the company failed to notify drivers or state agencies, as required by law. It also failed to strengthen security on other portals, leading to a second, larger breach in February 2021.

At the time of the second breach, Allstate Corporation had already acquired National General. According to James, Allstate also failed to implement proper security measures after the purchase.

Under New York State’s law, any business that handles personal information is required to inform potential victims of a data breach within 30 days after discovery, as well as state authorities.

“National General mishandled New Yorkers’ personal information and violated the law by failing to inform them that their data was stolen,” said James. “It is crucial that companies take cybersecurity seriously to protect consumers from fraud and identity theft, and my office will always hold those who fail to do so accountable.”

The suit seeks an injunction to prevent further violations by Allstate, as well as a $5,000 penalty for each violation of New York’s General Business Law.

In a statement, an Allstate spokesperson said the company had already addressed the issue. “We resolved this issue years ago, promptly securing our systems after finding vulnerabilities in online quoting tools that could have exposed driver’s license numbers. We promptly notified regulators, contacted potentially affected consumers, and offered free credit monitoring as a precaution.”

This isn’t the first time New York has taken legal action over a data breach. In February 2025, the state fined PayPal over $2 million for failing to safeguard consumer data in a 2022 breach.

Andrés Gánem
Andrés Gánem
Andrés writes about a variety of topics aimed at helping business owners and merchants grow and manage their ventures. These topics include (but are not limited to) website building, web hosting, project management software, and credit card processing. Andrés has 3+ years of experience as a writer and content creator. He’s also worked as a project manager, website designer, and social media manager for a variety of science communication groups.

Follow our experts on
Rate this Article
4.0 Voted by 2 users
You already voted! Undo
This field is required Maximal length of comment is equal 80000 chars Minimal length of comment is equal 10 chars
Any comments?
Reply
View %s replies
View %s reply
More news
Show more
Reply to
0 out of minimum 50 characters
Complete your reply Complete your comment
The name is too short The name is too long The name contains invalid characters
The email is required The email is incorrect
Thank you, - your comment was submitted successfully!
We check all user comments within 48 hours to make sure they are from real people like you. We're glad you found this article useful - we would appreciate it if you let more people know about it.
Popup final window
Share this blog post with friends and co-workers right now:
1 1 1
Thank you, , your comment was submitted successfully!

We check all comments within 48 hours to make sure they're from real users like you. In the meantime, you can share your comment with others to let more people know what you think.

Thank you for signing up!

Once a month you will receive interesting, insightful tips, tricks, and advice to improve your website performance and reach your digital marketing goals!

1 1 1

So happy you liked it!

Share it with your friends!

1 < 1 1

Or review us on 1

3608532
50
5000
114315398