Nationwide Will Pay $5.5M Over Security Breach

Aug. 09--Nationwide might be back on your side.

The insurance company has agreed to pay $5.5 million and take other steps to protect customers' identity as part of a settlement with New Jersey and 31 other states, officials said Wednesday.

The move resolves allegations that the company left out a critical security patch that could have prevented a security breach in October 2012 that resulted in the loss of personal data belonging to 1.27 million consumers, including 1,112 in New Jersey.

"We live in a world where, for most consumers, it's difficult if not impossible to avoid having their personal information end up stored in multiple databases," New Jersey Attorney General Christopher Porrino said in a statement. "Businesses that collect and keep such data have a duty to safeguard the information."

Columbus, Ohio-based Nationwide Mutual Insurance Co. sells policies including auto, commercial and property insurance, and it has become a household name partly thanks to pitchmen like former NFL quarterback Peyton Manning humming its jingle.

The company's agents were the target of what Nationwide said was a sophisticated criminal attack that resulted in the loss of consumers' social security numbers, driver's license numbers, credit scoring information and other personal data.

The company reported the attack to law enforcement authorities and notified consumers whose personal information might have been compromised.

The company in the settlement didn't admit to violating data security laws.

"The decision to enter into a settlement agreement reflects our desire to continue our strong cybersecurity program and to concentrate on our core business operations," Nationwide spokesman Eric Hardgrove said.

More: Passwords drive you nuts? 7 tips make you sane

More: 5 ways to protect your child from ID theft

New Jersey will receive about $101,000 as its share of the settlement.

Nationwide will take other steps in the next three years to shore up its security practices, officials said.

Among them:

* It will hire a technology officer to monitor and manage software and application security updates.

* It will update its procedures and policies relating to the maintenance and storage of consumers' personal data.

* It will hire an outside, independent provider to perform an annual audit of its practices related to consumers' personal data.

Michael L. Diamond; 732-643-4038; [email protected]

___

(c)2017 the Asbury Park Press (Neptune, N.J.)

Visit the Asbury Park Press (Neptune, N.J.) at www.app.com

Distributed by Tribune Content Agency, LLC.