Insurance company sued by driver whose personal data he says its Web site let identity thieves collect
A South Hadley man last week filed what he hopes will be a class action against Mapfre USA over the way hackers obtained personal information for Massachusetts drivers from its get-a-quote Web site.
In his suit, filed in US District Court in Boston, Brian Conway argues Mapfre - and its subsidiary, Commerce Insurance - had more than ample advance warning that the auto-populate function on the site was an info thief's dream, because it let somebody type in some of a driver's personal information, such as their address and birth date, and get back far more information in auto-filled form fields, including driver's license IDs, make and models of cars and VINs.
Conway charges:
Following the Data Disclosure, Plaintiff Conway experienced an approximately $400.00 fraudulent charge on his Mastercard. This fraud occurred after MAPFRE's Data Disclosure. This fraud and identity theft is temporally and logically connected to the data derived from MAPFRE's Data Disclosure in the same way that data breach and other privacy cases have found to be "fairly traceable." MAPFRE disclosed Plaintiff Conway's driver's license number and, potentially, other personal information, shortly before he experienced the fraud.
Conway continues that the insurers knew there were ways to block the release of a person's information but refused to do that to make it easier to drum up business in a post-pandemic world in which would-be customers continued to be more likely to seek insurance online rather than in person or on the phone.
Since their Data Disclosure, Defendants have confirmed few changes to their decision to disclose the PI, their data security infrastructure, processes, or procedures to fix the vulnerabilities in their computer systems or online sales system.
In addition to being named lead plaintiff in a class-action suit, Conway is seeking an order requiring Mapfre and Commerce to fix all their online holes and stop letting data thieves suck informaiton out of their quoting sites plus, of course, suitable damages and attorneys' fees.
Attachment | Size |
---|---|
Complete complaint | 627.54 KB |
Ad:
Comments
Only tangentally related
What is the point of insurance agents?
You can't buy insurance directly from insurance underwriters in MA.
To actually buy the policy you need to go through an agent. But you still pay the provider directly and receive all documents directly from that corporation. Want to change anything? Gotta call the agent again.
So what's the point of agents beyond being middlemen who take a cut in exchange for entering some data into a portal only they have access to?
As a MAPFE customer, I hope this guy wins. Given they had this info on file anyway, what is the point of auto-populating the fields on the quote form anyway?
Amica
I've used Amica for the last 24 years in Boston. Never talked to an independent agent. Do they employee "agents" to handle policy changes (I've used Amica for 18 years before moving to Boston)?
Progressive sold me a policy
Progressive sold me a policy on their website. No agent involved. I liked being able to play around with the coverage levels and see the resulting prices without having to convince an agent on the phone to do it for me.
The only problem was when one of their employees told me I could save some money by changing my garaging address to my workplace, since I often left my car there. But then some months later someone else noticed and raised my rates, not only going forward but also retroactively due to the "error" in the address I had provided. I'm not sure how they could decide that something I did in the past was more risky than they originally thought, when in fact I had zero claims that whole time. They also threatened that, while they weren't telling me where I could and couldn't leave my car, maybe they wouldn't feel like paying any claims if I parked my car at work overnight any more.
No thanks. I'll take my business elsewhere.
Uh,sales?
They are a sales force. A company needs sales to exist and the agent performs that function. When someone has multiple vehicles and has other insurance needs like homeowner, liability, etc., an agent can make sure you have adequate coverage with no overlap. There are also circumstances when an agent can try different scenarios to find the least expensive combination for the coverage you want.
And then when it comes to servicing your needs, an agent is a lot of help. Examples:
- adding/deleting a vehicle
- claims
- questions like "Do I get vehicle coverage when I rent a car in Ireland?" (Answer: No) Utah? (Yes)
Also, insurance is an important part of your investment portfolio, i.e. you want to cover your ass and not lose your retirement nest egg to some scumbag with a frivolous (or other) lawsuit.
No, I am not in the insurance business (not even close) nor do I support MAPFRE in this instance. I am reflecting on my experience of dealing with insurance issues for a long time.
Edit: Let me add one thing. If you're in your 20's, single, have an apartment with roommate(s), have a 15-year-old beater car, a lot of the above probably doesn't apply to you. I get it.
Auto populating (apparently) without verifying identity?
Not even a password?
Headdesk.
Kinda like
If you inserted your card into an ATM and on the screen a message popped up saying, "Is your PIN still 8361?"