August 26, 2025 – The insurance industry is facing a wave of class action lawsuits in 2025 as several major insurers grapple with the fallout from significant data breaches exposing sensitive customer information. Companies like Allianz Life, Farmers Insurance, Erie Insurance, Aflac, and others have been targeted by legal actions alleging negligence, inadequate cybersecurity, and violations of data protection laws. These lawsuits underscore the growing risks insurers face in an era of sophisticated cyberattacks, with millions of customers affected and potential liabilities mounting.
Allianz Life Faces Multiple Lawsuits
Allianz Life Insurance Company of North America is at the center of a storm following a July 16, 2025, data breach that compromised the personal information of approximately 1.1 million of its 1.4 million U.S. customers. The breach involved unauthorized access to a third-party, cloud-based customer relationship management (CRM) system through social engineering tactics. Exposed data included names, Social Security numbers, policy numbers, dates of birth, addresses, phone numbers, and email addresses. A class action filed on July 31, 2025, in the U.S. District Court for the District of Minnesota by plaintiff Sylvia Herrera claims Allianz failed to implement adequate security measures and delayed notifying affected customers, increasing risks of identity theft. The lawsuit seeks damages, attorney fees, and court orders to improve Allianz’s data security practices. Additional investigations by firms like Kantrowitz, Goldhamer & Graifman, P.C., suggest more lawsuits may follow.
Farmers Insurance Breach Impacts Over 1 Million
Farmers Insurance Exchange, along with its subsidiaries, disclosed a data breach on May 29, 2025, affecting 1,071,172 customers. The breach, reported to the California Attorney General on August 22, 2025, involved unauthorized access to a third-party vendor’s database, exposing names, addresses, Social Security numbers, driver’s license numbers, and financial information. Law firms like Shamis & Gentile P.A., Markovits, Stock & DeMarco, LLC, and Migliaccio & Rathod LLP are investigating potential class actions, alleging Farmers failed to safeguard sensitive data and notify customers promptly. Affected individuals are being offered 24 months of free credit monitoring through Cyberscout, but lawsuits argue this is insufficient given the long-term risks of identity theft and fraud.
Erie Insurance Hit with Dual Class Actions
Erie Insurance is facing two class action lawsuits following a June 7, 2025, cybersecurity incident involving “unusual network activity.” Filed by Illinois customer Neil Plascencia and former Wisconsin employee Amy Haas, the lawsuits claim Erie was negligent in protecting personally identifiable information (PII), with each seeking $5 million in damages. Reports suggest the cybercrime group Scattered Spider may be behind the attack, which disrupted Erie’s systems, affecting phone, email, and online applications. Erie has not confirmed a breach or ransomware attack but is working with cybersecurity experts to restore systems. The lawsuits highlight the insurer’s alleged failure to secure sensitive data, potentially exposing customers to significant risks.
Aflac Targeted After Sophisticated Cyberattack
Aflac Inc., the nation’s largest supplemental health insurance provider, disclosed a data breach on June 12, 2025, affecting an undetermined number of customers, employees, and agents. The attack, attributed to a sophisticated cybercrime group using social engineering tactics, potentially exposed names, Social Security numbers, medical information, and claims data. Woods Lonergan PLLC and Cuneo Gilbert & LaDuca are investigating potential class actions, alleging negligence, breach of contract, and violations of the Health Insurance Portability and Accountability Act (HIPAA). The breach is part of a broader campaign targeting insurers, with characteristics resembling attacks by the Scattered Spider group. Aflac is offering 24 months of free credit monitoring and identity theft protection, but plaintiffs argue this does not address the long-term risks of medical and financial fraud.
Other Insurers Facing Legal Scrutiny
The surge in lawsuits extends beyond these major players:
- CRC Insurance Services reported a February 3, 2025, breach exposing Social Security numbers, medical information, and financial account details. ClassAction.org is investigating potential lawsuits, emphasizing the need for compensation for affected individuals.
- Philadelphia Insurance Companies faced a cyberattack on June 9, 2025, prompting investigations by Markovits, Stock & DeMarco, LLC, for potential class actions.
- Kelly Benefits is the target of a class action alleging negligence and HIPAA violations after a breach leaked sensitive information.
- New Era Life Insurance and United of Omaha are also under investigation for breaches, with lawsuits pending or in development.
Industry-Wide Implications
The insurance sector has become a prime target for cybercriminals, with groups like Scattered Spider exploiting vulnerabilities through social engineering, phishing, and multi-factor authentication attacks. Google Threat Intelligence Group noted a shift in 2025, with these groups pivoting from retailers to insurers, drawn by the vast troves of sensitive PII and health data. The lawsuits highlight recurring allegations: inadequate cybersecurity, slow notification, and failure to meet federal and state data protection standards, including HIPAA for health-related data.
For insurers, these incidents are not just IT issues but business and reputational crises. Customers entrust insurers with highly sensitive information, and breaches erode trust while inviting legal and financial consequences. The lawsuits seek damages for out-of-pocket losses, emotional distress, and the ongoing risk of identity theft, with some demanding systemic changes to data security practices.
What Affected Customers Can Do
If you’ve received a data breach notification from any of these insurers, consider the following steps:
- Enroll in free credit monitoring: Most affected companies offer 12–24 months of services like Cyberscout or Medical Shield. Activate these immediately.
- Monitor accounts: Regularly check bank statements, credit reports, and insurance accounts for suspicious activity. Request free annual credit reports from Equifax, Experian, and TransUnion.
- Place a fraud alert: Contact one of the three major credit bureaus to add a free fraud alert, requiring creditors to verify your identity before opening new accounts.
- Seek legal advice: Contact law firms specializing in data breach litigation to explore joining class actions. Firms like Woods Lonergan PLLC (332-286-4887) or Kantrowitz, Goldhamer & Graifman, P.C. (866-896-0935) are actively investigating.
Looking Ahead
As these cases progress, the courts will scrutinize what constitutes “reasonable” cybersecurity in the insurance industry. Outcomes could set precedents for data protection standards and corporate accountability, potentially reshaping how insurers handle sensitive information. For now, affected customers face heightened risks of identity theft and fraud, while insurers brace for costly legal battles and reputational damage.
Sources: Insurance Business America, ClaimDepot.com, ClassAction.org, InsuranceJournal.com, WoodsLaw.com, KGG Law, LegalNewsFeed.com, MSDLegal.com, Privacy-Daily.com
Disclaimer: This article is based on publicly available information and does not constitute legal or financial advice. Consult a qualified attorney or financial advisor for personalized guidance.