The terms of a proposed $3.25 million settlement between Progressive and plaintiffs in a class action lawsuit over an alleged data breach could be finalized on February 25.
The lawsuit claims Progressive failed to protect the personally identifiable information (PII) of more than 347,000 individuals, exposing names, addresses, Social Security numbers, driver’s license numbers, and financial details due to inadequate security measures.
According to the complaint, Progressive learned on May 19, 2023, that employees of a third-party service provider had improperly shared their access credentials with unauthorized individuals who then performed call center duties. Progressive later notified affected customers in August and offered two years of credit and identity monitoring through Experian.
The complaint argues that unauthorized individuals had access to Progressive’s systems for years, with some third-party employees hired as early as May 2021. The lawsuit further claims the breach gave bad actors everything needed for identity theft and financial fraud, causing significant risk to affected individuals.
Following extensive negotiations, both parties agreed to the proposed settlement. Progressive denies all allegations of wrongdoing, stating that the settlement is intended to avoid the expense and uncertainty of litigation rather than serving as an admission of liability.
The deadline for affected individuals to submit a claim is February 18.
Progressive’s case follows recent regulatory actions against other insurers for data security failures. In November, GEICO and Travelers were fined $11.3 million by the New York Attorney General’s Office and the Department of Financial Services for security lapses that exposed more than 130,000 New Yorkers’ personal information. Hackers reportedly exploited weaknesses in insurers’ online quoting systems to steal driver’s license numbers and birthdates, which were then used for fraudulent unemployment claims during the COVID-19 pandemic.
Leave a Reply