✰PREMIUM
New Yorkers’ data stolen yet again, and they’re left to fend for themselves
Noblr, an auto insurance company, is the latest in a string of businesses to report data breaches impacting New Yorkers.
The recent breach exposed over 80,000 residents’ driver’s license numbers, part of a broader scheme targeting online insurance quoting tools. Hackers reportedly used the stolen information to file fraudulent unemployment claims during the height of the COVID-19 pandemic.
Attorney General Letitia James announced a $500,000 settlement with Noblr on Thursday for its failure to safeguard sensitive data. While this marks a step toward accountability, it reflects ongoing challenges in securing consumer data.
Noblr’s systems were unprepared for such an attack. The company’s quoting tool exposed driver’s license numbers in plaintext formats—on the backend of its website and even in downloadable PDFs. Worse, Noblr did not block users from entering New Yorkers’ information, even though the company doesn’t sell insurance in the state.
The breach went unnoticed for weeks in January 2021 because Noblr didn’t monitor its website traffic in real-time. This failure allowed hackers to exploit vulnerabilities without immediate detection, leaving New Yorkers’ personal data exposed to cybercriminals.
Despite being required to pay $500,000 and enhance its cybersecurity practices, Noblr’s settlement offers little comfort to those affected. This is not the first time Attorney General James has had to hold companies accountable for similar failings. GEICO and Travelers were fined $5.6 million earlier this year for cybersecurity lapses, yet such breaches persist.
These repeated data breaches are more than just troubling statistics. For the victims, the consequences can be devastating. The stolen information has already been used to file fraudulent unemployment claims, and those affected remain at risk for more serious crimes like identity theft.
While companies promise to improve their data security and pay fines, consumers bear the brunt of these breaches. Free credit monitoring and identity theft protection services are often offered, but they do little to address the long-term harm caused by compromised data.
New Yorkers’ data continues to be mishandled, and accountability measures have not yet been enough to prevent such incidents. Attorney General James has taken meaningful steps to hold companies accountable, but the recurring nature of these breaches underscores the need for stronger, proactive protections.
Noblr’s settlement highlights an ongoing cycle: companies face attacks, vulnerabilities are exploited, and consumers pay the price. Until stronger laws and enforcement measures are implemented, New Yorkers remain at risk of having their personal data exposed.
Attorney General James has secured millions in settlements from organizations over the past few years, including $11.3 million from GEICO and Travelers last month, $2.25 million from a health care provider in October 2024, and $4.5 million from a biotech company in August 2024. Despite these efforts, data breaches continue to occur, leaving New Yorkers vulnerable.
While the Attorney General has introduced privacy guides, consumer alerts, and comprehensive security recommendations, these initiatives alone have not stopped the cycle. Without systemic change, the threat of data breaches remains a constant concern for New Yorkers.
Leave a Comment
Leave a Comment