Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans.
The two companies are accused of paying millions of dollars to app developers to embed tracking code in widely used mobile apps to gather the location and movement data of people without their knowledge or consent.
That data was used to profile people’s driving habits and adjust insurance quoting or renewal costs, allowing the company to identify risks and set the prices accordingly.
Additionally, Allstate and Arity allegedly sold this data to other insurance companies so they could do the same.
“Allstate collected trillions of miles worth of location data from over 45 million consumers nationwide and used the data to create the world’s largest driving behavior database,” reads the Texas AG announcement.
“When a consumer requested a quote or renewed their coverage, Allstate and other insurers would use that consumer’s data to justify increasing their car insurance premium.”
This violates the Texas Data Privacy and Security Act (TDPSA), since the app users were not informed of this targeted data collection and they did not consent to it.
Lawsuit targeting Allstate
The lawsuit, submitted to the Montgomery County district court, mentions the integration of tracking software (Arity SDK) into apps such as Life360, GasBuddy, Fuel Rewards, and Routely.
Those four apps have been downloaded over 115 million times from Google Play alone.
The apps allegedly covertly collected sensitive location data every 15 seconds if users gave them location permission upon installation/launch.
Additionally, the lawsuit alleges that Allstate also purchased location data directly from Toyota, Lexus, Mazda, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram, to use for the same purposes.
The legal action claims violations of the TDPSA, the Data Broker Law, and the Texas Insurance Code concerning unfair and deceptive acts and practices.
The lawsuit requests several remedies, including:
- Civil penalties under the mentioned Texas laws, including penalties of up to $7,500 per violation under the TDPSA and $10,000 under the Texas Insurance Code.
- Restitution for consumers who suffered losses due to the alleged practices.
- Destruction of all unlawfully obtained data, including data held by third parties.
- Injunctive relief, preventing the defendants from continuing the described practices.
BleepingComputer has contacted both Allstate and Arity for a statement regarding Paxton's legal action, and a company spokesperson responded with the following comment:
"Arity helps consumers get the most accurate auto insurance price after they consent in a simple and transparent way that fully complies with all laws and regulations."
Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
Comments
thatirish - 1 year ago
I have no insurance app of any kind on my phone. Orwell was right....
mhrtry - 1 year ago
I've been with Allstate for five years and have been using the app as well. The privacy policy for the app is pretty clear. Also, I don't have a lead foot and have been consistently getting portions of my auto insurance premiums refunded during that time.
If people want to drive 20 mph over posted speed limits and tailgate, then they shouldn't download the app or use any device provided by any insurance company. Nor should they agree to the terms of service on their vehicle displays.
22 years driving eighteen-wheelers taught me that it is impossible to avoid being tracked, even before the introduction of smartphones.
kryp-tonite - 1 year ago
Oh, really? The privacy policy is pretty clear, is it?
It clearly states the app is going to track your location every 15 seconds, whether you're driving or not? Doubtful.
gryphenwings - 1 year ago
You're making the same idea that if I haven't done anything wrong, then I have nothing to hide. The problem is if you exercise your right to visit an adult bookstore and then some politician decides to punish you. Or you go to a gay bar, or Planned Parenthood, or a divorce lawyer.... the list goes on.
We live in a society that loves to shame people for the wrong reasons. I don't need a nanny state telling me I have the wrong morals because they object to my lawful exercise of freedom. Our first amendment rights should never be signed away for the sake of a few dollars off my insurance policy.
wpontius - 1 year ago
One in 335,893,238 (U.S population 2024), You are much more likely to be struck by lightening (1 in 1 million) or be in a plane crash (1 in 11) million). High chance you will to be in a car accident (1 in 366\ every 1,000 miles driven).
Said Politician would have to identify you out of the 45 million people in the aggregated data, then find your activity.. Unlikely that Allstate retained the identifiers of all those drivers or be able to pick you out of the aggregated data. They are interested in groups, trends and statistics not individuals.
deltasierra - 1 year ago
No, the problem is that the tracking data was purchased directly from unrelated apps like GasBuddy and directly from vehicle manufacturers like Toyota. Did you know and consent to that?
Backlands8056 - 1 year ago
what a freaking dystopian nightmare
deltasierra - 1 year ago
It really is. It's gotten to where I don't connect my phone to my infotainment system via Bluetooth (or USB). No Sirius Guardian, OnStar, any of that cellular B.S. Yeah, remote start from an app is nice, but key fob based remote start is more than fine for me.
Also, just wait until Chinese EV's proliferate in the U.S. Won't be for a while but I'm sure the day will come.