fbpx

Metromile Failure to Protect Consumer Information Class Action

Metromile, Inc. is an auto insurance company that, according to the complaint for this class action, “sells pay-per-mile automobile insurance and licenses its technology to other insurance companies.” At issue is not its way of charging for insurance but an extended data breach that took place between July 2020 and January 2021. The complaint alleges that the company had “inadequate safeguards” that permitted the exposure of the personally identifiable information (PII) of around a hundred thousand consumers.

The class for this action is all natural persons living in the US whose PII was exposed as a result of the data breach announced by Metromile on or around March 5, 2021. A New York Subclass has also been defined, for those in the above class living in New York.

The complaint quotes from the admissions in the Form 8-K Metromile filed with the Securities and Exchange Commission (SEC): “Metromile discovered a cybersecurity incident arising out of a software bug related to its online pre-filled quote form and application process. Based on its initial investigation, Metromile determined that unknown persons exploited the software bug to obtain person[al] information of certain individuals…”

According to the complaint, hackers have already used the information they took from Metromile to steal the identities of some of the victims. The complaint alleges, “Because of [Metromile’s] Data Breach, consumers’ PII is still available and may be for sale on the dark web for criminals to access and abuse. Consumers who interacted with [Metromile] face a present and increased, lifetime risk of identity theft.”

These consumers now run these risks, the complaint claims, “due to [Metromile’s] negligent and/or careless acts and omissions and their failure to protect the PII.”

The complaint sums up Metromile’s failures in three points: (a) failure to adequately protect the information, (2) failure to warn consumers of its “inadequate information security practices,” and (3) failure to properly monitor its systems “for security vulnerabilities and incidents.”

Although the company’s investigation ended in January 2021, the complaint points out that the company did not notify the persons affected until March 5, 2021.

The information held by Metromile includes names, addresses, driver’s license numbers, vehicle information, other driver information, and Social Security numbers, among other things. However, the complaint alleges that the company “did not provide detail to consumers about what information was compromised.”

The complaint alleges that Metromile “failed to properly implement basic data security practices, and their failure to employ reasonable and appropriate measures to protect against unauthorized access to consumer PII constitutes an unfair act or practice prohibited by Section 5” of the Federal Trade Commission Act.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Metromile Failure to Protect Consumer Information Complaint

September 30, 2021

Metromile, Inc. is an auto insurance company that, according to the complaint for this class action, “sells pay-per-mile automobile insurance and licenses its technology to other insurance companies.” At issue is not its way of charging for insurance but an extended data breach that took place between July 2020 and January 2021. The complaint alleges that the company had “inadequate safeguards” that permitted the exposure of the personally identifiable information (PII) of around a hundred thousand consumers.

Metromile Failure to Protect Consumer Information Complaint

Case Event History

Metromile Failure to Protect Consumer Information Complaint

September 30, 2021

Metromile, Inc. is an auto insurance company that, according to the complaint for this class action, “sells pay-per-mile automobile insurance and licenses its technology to other insurance companies.” At issue is not its way of charging for insurance but an extended data breach that took place between July 2020 and January 2021. The complaint alleges that the company had “inadequate safeguards” that permitted the exposure of the personally identifiable information (PII) of around a hundred thousand consumers.

Metromile Failure to Protect Consumer Information Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy