Recent settlements over data breaches

The State of New York has secured an $11.3m settlement from two car insurance companies over the breach of sensitive data of more than 120,000 of its citizens.Poor data security practices led to the data breaches according to the New York Attorney General and State Department of Financial Services (DFS).

The two firms, the Government Employees Insurance Company (GEICO) and The Travelers Indemnity Company (Travelers), “failed to protect consumers’ personal information,” according to New York Attorney General Letitia James.

Some of stolen driver’s license information exposed in the GEICO breach was used to file fraudulent unemployment claims at the height of the COVID-19 pandemic. As a result of the settlements, GEICO will pay a total of $9.75m in penalties and Travelers $1.55m to the State of New York.

Meaningwhile, hotel giant Marriott has agreed to pay a $52m settlement to 50 US states for a large multi-year data breach impacting 131.5 million American customers.

The 50-state settlement followed an investigation conducted by the Federal Trade Commission (FTC) and 50 state attorney generals into a breach of a Starwood guest reservation database that was discovered in September 2018.

It is estimated that 339 million guest records were exposed globally in the incident.