Skip to main content

Company Data Breach Costs Nationwide $5.5 Million In Settlement

By August 25, 2017March 1st, 2023Cybersecurity

Nationwide may be “on your side,” as their ads claim, but they’re not immune to data breaches, and in 2012, they suffered a serious one that impacted more than 1.2 million of their customers. A post mortem investigation into the breach concluded that it was made possible because the company failed to install a security patch, which created an opening that the hackers were only too happy to exploit.

The company has now settled the case, having worked out an arrangement that satisfied 32 different state attorney generals and the AG from the District of Columbia. The result was a hefty $5.5 million settlement, and a pledge to update its security practices.

Under the terms of the agreement, the company has three years to accomplish the following:

1) Perform an internal assessment of its patch management practices, and hire an independent provider to perform annual audits regarding the collection and safekeeping of personal information
2) Maintain and utilize tools to monitor the security of systems used to maintain personal information
3) Conduct regular inventories of the patches and updates applied to its systems that are used to store and safeguard personal information
4) Update its policies and procedures as they relate to the storage and safekeeping of personal data

The settlement also requires Nationwide and its subsidiaries to inform consumers that it retains their personal information, even if they do not become customers of the company.

As expensive and painful as this settlement is, it’s definitely not the end of the matter. There’s still a class-action lawsuit pending, and based on the shape of this settlement, that suit is all but certain to cost the insurance giant even more money.

This is a stark example of just how painful data breaches can be. Nationwide is a big company with deep pockets, so it certainly has the resources to weather this storm. Your company may not be so lucky.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.