Skip to content

Insurance company sued for illegally collecting and selling customer data

  • by
  • 2 min read

Texas Attorney General Ken Paxton is suing insurance giant Allstate and its subsidiary Arity for unlawfully collecting, using, and selling location data of Texan users via secret software embedded in its mobile apps, such as Life360. According to Attorney General Paxton, the companies did not give users prior notice or obtain their consent before collecting and using said data, violating Texas’ new Data Privacy and Security Act (TDPSA).

According to Attorney General Paxton’s office, Arity paid software developers millions to incorporate Arity SDK. This cover software tracks users’ driving data in these apps, allowing the company to monitor every user’s location and movement in real time. Using this covert software, Allstate collected “trillions of miles worth of location data from over 45 million consumers” across the United States to build the “world’s largest driving behaviour database.” Allstate and other insurance companies then used this data to justify a hike in car insurance premium prices.

“Our investigation revealed that Allstate and Arity paid mobile apps millions of dollars to install Allstate’s tracking software,” said Attorney General Paxton. “The personal data of millions of Americans was sold to insurance companies without their knowledge or consent in violation of the law. Texans deserve better, and we will hold all these companies accountable.”

This isn’t the first time Attorney General Paxton has gone after a company stealing user data. In August 2024, he sued General Motors (GM) for stealing and collecting sensitive driving data from over 1.5 million Texans and selling them to insurance companies without prior knowledge or consent. GM claimed it had prior consent, but Paxton contended that the company “engaged in a series of misleading and deceptive acts” to obtain said consent.

The Texas Data Privacy and Security Act (TDPSA) requires clear notice about data usage and informed consent from a user before a company can use their sensitive data, which Allstate allegedly failed to do. Details about what AG Paxton demands as punishment haven’t been shared yet, but he is looking to proceed to a jury trial.

In the News: Stolen Path of Exile 2 admin account used to hijack player accounts

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>