Root pays $975,000 settlement over data breach exposing 45,000 New Yorkers

ReutersMar 24, 2025 2:51 PM

By Mia MacGregor

March 24 - (The Insurer) - Auto insurtech Root will pay $975,000 in penalties to the state of New York after a data breach exposed the personal information of approximately 45,000 New Yorkers.

Root discovered the vulnerability in January 2021, when bad actors exploited a prefill flaw to access sensitive data, according to New York Attorney General Letitia James.

An investigation by the New York state attorney general's office found that Root failed to conduct adequate risk assessments on its public-facing web applications, did not detect the plain text exposure of consumer information and lacked sufficient security controls to prevent automated attacks.

In addition to the financial penalty, the company must implement stronger data security measures, the attorney general's office stated.

Although Root does not offer insurance in New York, the attorney general's office said that the company's security failures allowed hackers to access New Yorkers’ license numbers and other personal information.

The settlement follows similar enforcement actions against other insurers. James recently secured $5.1 million in penalties from Geico and Travelers, along with $500,000 from Noblr, for failing to protect consumer data.

With this latest settlement, the total amount recovered from auto insurers for data security failures now stands at $6.57 million, according to the New York attorney general's office.

“Auto insurance companies need to make sure that the systems they use to store people’s data are protected to prevent cybercriminals from stealing driver’s license numbers, Social Security numbers, and other private information,” said James.

“Today’s settlement should send a message to companies in the auto insurance industry that my office will take action to protect New Yorkers' private information.”

Disclaimer: The information provided on this website is for educational and informational purposes only and should not be considered financial or investment advice.

Recommended Articles

Storage Chip Giant SanDisk Replaces TEAM to Join Nasdaq 100 Index, SanDisk Shares May Soar to $1,000

TradingKey — Last Friday, Nasdaq announced that memory chip giant SanDisk (SNDK) will join the Nasdaq 100 Index before the market opens on April 20, 2026, replacing Atlassian (TEAM).

Trump Blockade of Strait of Hormuz Drives Oil Price Surge, Will This Be Another TACO?

TradingKey - On Sunday (April 13), Donald Trump announced that following the breakdown of U.S.-Iran negotiations, the U.S. Navy will implement a naval blockade on Iranian ports starting Monday.

Up 20% in Five Days, Over 50% This Year: Why Was Marvell Technology Tapped by Nvidia?

TradingKey - Since April 2026, Marvell Technology (MRVL) has demonstrated sustained stock price strength. On April 10, the shares closed at $128.49, up 7.14% for the day. The stock has seen a cumulative gain of nearly 20% over the past five trading days, with an overall increase of 29.72% in April.

Musk’s XChat Is Coming to App Store, Meta, Apple and Finance World Are Trembling

Elon Musk’s XChat, the Western equivalent of WeChat, is set to launch on the App Store, issuing a direct challenge to giants such as Meta, Apple, and PayPal.

Microsoft Launches Its Own AI Models and Ditches OpenAI Dependence - Is MSFT Stock a Buy at $370?

Microsoft at $370 is a 17%-revenue-growth, 47%-margin, $625-billion-backlog business trading at a multi-year low valuation, because the market is scared of macro noise. The AI model releases this week prove the moat is deepening, not narrowing.

Featured Tools