fbpx

Zywave, ITC Did Not Prevent Data Breach Class Action

This class action brings suit against Zywave, Inc. and its wholly-owned subsidiary Insurance Technologies Corporation (ITC) because of a data breach they suffered in the first half of 2021. The complaint alleges that they did not take adequate measures to protect customers’ personally identifiable information (PII), did not warn customers of their inadequate security measures, and did not “effectively monitor their websites and platforms for security vulnerabilities and incidents.”

The Nationwide Class for this action is all natural persons living in the US whose PII was compromised in the data breach that took place on February 27, 2021 and was announced on May 10, 2021. Maryland and Pennsylvania Subclasses have been defined for those in the above class living in those two states.

The companies offer technology for insurance. ITC offers marketing, rating, and management software for insurance companies as well as their agents; Zywave “is an insurance technology provider focusing on cloud-based sales management, client delivery, content, and analytic solutions.”

Among the customer information the companies collect are names, addresses, driver’s license numbers, Social Security numbers, dates of birth, user names, and passwords.

According to the complaint, ITC promises, on its website, “that it will protect consumers’ privacy and remain in compliance with statutory privacy requirements.” It quotes the company as saying, for example, “We protect the security of your personal information. We take steps to protect your data from loss, misuse, alteration, destruction, or unauthorized access. We use sophisticated security technologies to secure users’ ordering information… We encrypt users’ ordering information … using Secure Socket Layer (‘SSL’) technology.”

The complaint quotes Zywave’s privacy statement as saying that the company “is committed to the security of personal information and has policies and procedures in place to protect the privacy of your personal information. Personal information shall be protected in a manner commensurate with its sensitivity and reasonable steps will be taken to prevent it from being stolen, lost, accessed, copied, used or modified without permission.”

Nevertheless, the companies suffered a data breach on February 27, 2021. Unfortunately, the companies did not begin notifying customers until around May 10, 2021. The complaint quotes the notice letters as saying that “an unauthorized third party gained access to [ITC’s] AgencyMatrix application,” and “acquired certain personal information stored in that application.” The notices also said that the companies managed to contain the incident on March 4, 2021.

The complaint alleges that, despite their promises, the companies did not take adequate measures to protect customers’ information: “In fact, there is no indication that [the companies] followed even their most basic promises; for example, ITC does not claim that any of the stolen PII was encrypted, including usernames and passwords.” It alleges that the companies did not comply with Federal Trade Commission guidelines for the protection of information.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Zywave, ITC Did Not Prevent Data Breach Complaint

June 18, 2021

This class action brings suit against Zywave, Inc. and its wholly-owned subsidiary Insurance Technologies Corporation (ITC) because of a data breach they suffered in the first half of 2021. The complaint alleges that they did not take adequate measures to protect customers’ personally identifiable information (PII), did not warn customers of their inadequate security measures, and did not “effectively monitor their websites and platforms for security vulnerabilities and incidents.”

Zywave, ITC Did Not Prevent Data Breach Complaint

Case Event History

Zywave, ITC Did Not Prevent Data Breach Complaint

June 18, 2021

This class action brings suit against Zywave, Inc. and its wholly-owned subsidiary Insurance Technologies Corporation (ITC) because of a data breach they suffered in the first half of 2021. The complaint alleges that they did not take adequate measures to protect customers’ personally identifiable information (PII), did not warn customers of their inadequate security measures, and did not “effectively monitor their websites and platforms for security vulnerabilities and incidents.”

Zywave, ITC Did Not Prevent Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy