This class action alleges that American Family Life Insurance Company (AFLIC) did not properly secure and safeguard the personally identifiable information (PII) stored in its systems, and that this lack of care led to a data breach that exposed that information.
The class for this action is all individuals in the US whose PII or financial information was exposed to unauthorized third parties as a result of the data breach that occurred between December 5 and 11, 2021. A California Subclass has also been defined, for those in the above class who are in California.
According to its data breach notification, the complaint says, AFLIC “believes that unauthorized parties used an automated bot process to enter certain personal information from unknown sources into the AFLIC online quoting platform, and by doing so, they may have accessed” the driver’s license number of the representative plaintiff in this case “as part of the platform’s pre-fill function.”
The complaint alleges that unauthorized persons gained access to PII including names, addresses, and driver’s license numbers between December 5 and 11, 2021. The complaint alleges that the information was not maintained “in a manner consistent with industry and other relevant standards.”
However, the complaint claims, the company did not begin sending out notices until a month later, around January 14, 2022. But the complaint alleges that even now AFLIC has not told those affected exactly what data was stolen, what kind of malware was used to attack the system, and whether it is taking any steps to better protect information since the attack.
The complaint alleges, “By obtaining, collecting, using, and deriving a benefit from” the PII of various individuals, AFLIC “assumed legal and equitable duties to those individuals.”
However, it says, AFLIC ignored the rights of those persons “by intentionally, willfully, recklessly, or negligently failing to take and implement adequate and reasonable measures to ensure” that their information was kept safe, “failing to take available steps to prevent an unauthorized disclosure of data, and failing to follow applicable, required, and appropriate protocols, policies, and procedures regarding the encryption of data, even for internal use.”
According to the complaint, the many high-profile data breaches of recent years had put AFLIC on notice of these kinds of attacks, and AFLIC should have taken adequate steps to prepare for and prevent such an event.
The complaint alleges that, once information is in the hands of thieves, it may be used to cause financial damage to victims for years afterwards. “For example,” the complaint alleges, “it is believed that certain PII compromised in the 2017 Experian data breach was being used, three years later, by identity thieves to apply for Covid-19-related benefits in the state of Oklahoma.” Victims will be at risk for the rest of their lives, the complaint asserts.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
American Family Life Insurance Driver’s License Data Breach Complaint
February 15, 2022
This class action alleges that American Family Life Insurance Company (AFLIC) did not properly secure and safeguard the personally identifiable information (PII) stored in its systems, and that this lack of care led to a data breach that exposed that information.
American Family Life Insurance Driver’s License Data Breach ComplaintCase Event History
American Family Life Insurance Driver’s License Data Breach Complaint
February 15, 2022
This class action alleges that American Family Life Insurance Company (AFLIC) did not properly secure and safeguard the personally identifiable information (PII) stored in its systems, and that this lack of care led to a data breach that exposed that information.
American Family Life Insurance Driver’s License Data Breach Complaint