Insurance Technologies, Zywave Hit with Class Action Over February 2021 AgencyMatrix Data Breach [UPDATE]
by Erin Shaak
Last Updated on May 17, 2022
Heath et al. v. Insurance Technologies Corp. et al.
Filed: June 18, 2021 ◆§ 3:21-cv-01444
ITC and Zywave face a class action over a late-February 2021 data breach that reportedly compromised the personal information of thousands of consumers.
Case Updates
May 17, 2022 – Settlement Website Is Live
The official website for the Insurance Technologies Corp. and Zywave data breach settlement is now live and accepting claims.
Head over to ITCSettlement.com to learn more and file your claim by clicking the “Submit a Claim” button.
The claim form will ask for your unique notice ID and confirmation code from the notice you should have received from the settlement administrator via mail or email. The settlement administrator can be reached at info@ITCSettlement.com.
If you did not receive a notice, you can still submit a claim by clicking here.
The deadline for filing a claim is July 5, 2022.
Keep in mind that it may take a little while for you to receive a payment from the settlement after your claim is approved. Payments won’t be sent out until after the settlement has received the judge’s final approval and any appeals have been resolved.
A final approval hearing has been scheduled for September 7, 2022.
March 11, 2022 – Zywave Data Breach Class Action Settled for $11 Million
Insurance Technologies Corp. and Zywave have agreed to settle the proposed class action detailed on this page for $11 million.
The proposed deal is slated to cover all individuals whose personally identifiable information (PII) was potentially subjected to the February 2021 data breach, as confirmed by Zywave’s and Insurance Technologies’ business records.
A 33-page memo submitted by the plaintiffs in support of the proposed deal states that the settlement, which awaits preliminary approval from the court, offers three separate categories of compensation. If approved, the settlement will offer cash payments of $100 to $300 to eligible “class members” who reside in California and reimbursement of up to $5,000 for reasonably traceable out-of-pocket expenses, including $25 per hour (up to eight hours) for time lost dealing with the effects of the data breach. The deal would also automatically offer to every class member 12 months of identity theft and fraud protection through Aura’s Financial Shield.
According to settlement documents, more than 4.3 million individuals’ PII was impacted by the Zywave data breach, with more than 318,000 of these people living in California.
If preliminary approval is granted, consumers who are covered by the settlement will receive direct notice of the deal to their physical mailing addresses or email addresses. This notice will contain information on how to submit a claim for compensation and a summary of the individual’s legal rights as they pertain to the class action litigation. The settlement administrator will be responsible for obtaining the names and contact information of those covered by the deal. Lastly, an official settlement website, where claims can be filed, and a toll-free telephone number are set to be launched, so be sure to check back with this page for when they become available.
Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.
Insurance Technologies Corp. (ITC) and Zywave, Inc. face a proposed class action over a late-February 2021 data breach during which the personal information of thousands of ITC clients’ customers, potential customers and other individuals was reportedly compromised.
The 36-page complaint out of Texas federal court claims consumers’ names, Social Security and driver’s license numbers, dates of birth and username/password information were compromised in the February 27 incident. The suit alleges the defendants’ failure to safeguard the sensitive data, as well as provide warning of their “inadequate information security practices” and monitor their sites and platforms for vulnerabilities, amounts to negligence and violates state and federal laws.
According to the suit, those affected by the breach now face “a lifetime risk of identity theft” given their personally identifiable information (PII) was unlawfully accessed and possibly offered for sale on the dark web.
Zywave and subsidiary ITC are information technology services companies that offer to insurance companies a cloud-based agency management system called AgencyMatrix, the lawsuit explains. Per the case, ITC in May 2021 began to notify customers and state attorneys general about a data breach that occurred on February 27, during which “an unauthorized third party gained access to [ITC’s] AgencyMatrix application.”
Though the defendants “immediately commenced an investigation” and purportedly contained the incident on March 4, the companies failed to take any measures to notify those affected for over two months, the lawsuit alleges.
The case claims there is “no indication” that the defendants fulfilled “even their most basic promises” regarding data security, and have not stated that any of the compromised information was encrypted. According to the suit, although the companies were aware of the risks of a data breach, they failed to comply with Federal Trade Commission guidelines and industry standards concerning data security.
The suit goes on to claim that the defendants have done “absolutely nothing” to provide relief to those affected by the breach and offered only 12 months of “inadequate identity monitoring services” to at least some consumers, though the case relays that it is unclear whether the credit was offered to everyone whose information was compromised. Moreover, the defendants have “place[d] the burden squarely on” those affected in the incident by requiring them to spend time and effort signing up for the service rather than automatically enrolling them.
The lawsuit looks to represent anyone in the U.S. whose PII was compromised in the Insurance Technologies Corp./Zywave data breach that occurred on February 27, 2021 and was announced around May 10, 2021. The suit also proposes two state-specific subclasses for Pennsylvania and Maryland residents who fit the same criteria.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Before commenting, please review our comment policy.