Florida Attorney General Pam Bondi, 31 other state attorneys general and the District of Columbia have announced a $5.5 million settlement reached with Nationwide Mutual Insurance Company and its subsidiary, Allied Property & Casualty Insurance Company, concerning an October 2012 data breach.
That's according to a statement from Bondi's office.
The data breach resulted in the loss of personal information belonging to 1.27 million consumers, including their Social Security numbers, driver's license numbers, credit scoring information and other personal data.
According to case records, Nationwide collected this personal information to provide insurance quotes to consumers applying for insurance.
Officials claim that Nationwide's alleged failure to apply a critical security patch led to the loss of the personal information.
The settlement requires Nationwide to take a number of steps to both generally update security practices and to ensure the timely application of patches and other updates to security software.
Nationwide must also hire a technology officer responsible for monitoring and managing software and application security updates.
The tech officer will supervise employees responsible for evaluating and coordinating the maintenance, management and application of all security patches and software and application security updates.
Many of the consumers affected by the data breach never became Nationwide insured, but the company reportedly retained their data to more easily provide the consumers re-quotes at a later date.
The settlement requires Nationwide to be more transparent about data collection practices by requiring the disclosure to consumers that Nationwide retains personal information even if the consumers do not become customers.