- New York AG Letitia James settled with Root Insurance Company to resolve allegations that the company’s data security deficiencies led to a 2021 data breach involving 72,000 people, in violation of state consumer protection and data security laws.
- According to the settlement, Root inadequately safeguarded personal information that its online automobile insurance quoting tool prefilled for consumers after they submitted limited personal information, which allowed bad actors to gain access to consumers’ prefilled information.
- Under the terms of the settlement, Root will pay $975,000 in civil penalties and implement safeguards for consumer information, among other things.