Data belonging to thousands of clients of the broker Active Assurances was left unprotected. The CNIL has decided to sanction the company.
As a broker specializing in the online distribution of auto insurance contracts, Active Assurances lets its customers and prospects request quotes, take out contracts, or access their personal space from its website. The company was called out by the National Commission for Informatics and Liberties (CNIL), which had received a report in June 2018.
Data from thousands of customers was available online
The data protection watchdog conducted an online check of Active Assurances' operations, which revealed that the broker's client accounts were accessible on the Web via hyperlinks indexed by a search engine. The searchable data included copies of registration cards, driver's licenses, and bank account statements.
A fine of 180,000 euros
After alerting the company to the shortcomings it had found, the CNIL conducted a second, on-site check to see whether Active Assurances had taken the necessary measures. The authority found that the measures taken were not sufficient. In particular, it noted passwords identical to the policyholders' dates of birth, as well as login credentials and passwords sent to clients by email, in plain text in the body of the message.
Based on Article 32 of the GDPR, the CNIL imposed a fine of 180,000 euros on Active Assurances. Several thousand insureds and former customers who had terminated their contract with the broker were reportedly affected by this failure to secure data.