Nationwide Insurance Co. will pay the state of Iowa more than $300,000 as part of a settlement over a 2012 data breach, the Iowa Attorney General’s Office said Wednesday.
The breach resulted in the loss of personal information for 1.27 million customers, including more than 91,000 in Iowa. The exposed information included Social Security and driver’s license numbers, even for individuals who never became customers.
Thirty-two states, including Iowa, and the District of Columbia claimed Nationwide and a subsidiary failed to apply a security patch that could have prevented the breach.
“Companies that collect or store personal data must understand that they need to protect it,” Iowa Attorney General Tom Miller said in a news release. “Data breaches like this expose consumers to identity theft, financial harm, a loss of privacy and added stress.”
In total, Nationwide has agreed to pay $5.5 million to the 32 states and District of Columbia. Iowa will receive $321,837, which will go to the state’s consumer education and litigation fund.
Nationwide and its subsidiary, Allied Property and Casualty Insurance Co., denied wrongdoing or fault in the settlement.
The settlement does require the company to take more steps to prevent future data breaches, including the timely application of security updates. Nationwide also has to disclose to potential customers that it retains their personal information.
Nationwide is based in Columbus, Ohio. Allied has its headquarters in Des Moines.
l Comments: (319) 398-8366; firstname.lastname@example.org