State Farm began alerting customers of a data security incident involving a third-party vendor's misuse of customer personal and financial information.
On January 21, the insurance firm opened an investigation related to employees of an independent contractor agent misappropriating customer funds and misusing payment cards, according to a breach notification letter submitted to the California AG website.
The investigation revealed the contractor's employees were using customer payment cards to make payments and/or replace customer payments that were either diverted or not correctly applied to customers' accounts. In some cases, information was used to include additional insurance coverage without the policyholders' knowledge and consent, the notice said.
State farm has since terminated system access of the individuals involved and is engaged in remediation activities for those the victims.
The firm is offering those affected one year of credit monitoring and identity protection services.