Pennsylvania has recovered $248,830 as part of a national settlement with Nationwide Mutual Insurance Co. that also calls for changes in the insurer’s information policies, according to Pennsylvania Attorney General Josh Shapiro
The settlement with Nationwide and a subsidiary stems from a 2012 data breach caused by the insurer’s alleged failure to apply a security patch, resulting in the loss of customer names, Social Security numbers, credit card data and other information, according to Shapiro’s office.
Overall, the breach affected more than 1.2 million people, including about 36,000 in Pennsylvania. Not all were Nationwide customers. Some had given the company information to get insurance quotes, and the company retained the information.
“The reforms required by the settlement will help ensure Nationwide protects consumers’ personal information better in the future,” Shapiro said in a statement.
Those reforms include requiring Nationwide to hire a technology officer responsible for monitoring and managing security updates; strengthening procedures for maintenance and storage of consumer data; and being more transparent about its data-collection practices, including to people who do not become customers.
The company also will be required to hire an external auditor to conduct an annual review of its practices for collecting and storing consumers’ personal information.
Shapiro was joined by attorneys general in 32 other states in reaching the settlement with Nationwide and its subsidiary, Allied Property Casualty Insurance Co. They agreed to pay $5.5 million in all.