Lawsuit alleges Erie Insurance failed to safeguard customer data in network breach

A lawsuit has been filed against the American insurance company Erie Insurance, alleging that it failed to protect customers’ sensitive data from an unauthorised network breach.

 

Erie, Pennsylvania-based Erie Insurance is a property and casualty insurance company offering auto, home, business and life insurance through a network of independent insurance agents.

 

Recently, the Erie Times reported that a lawsuit was filed on June 15 in federal court in Erie against the insurance company, alleging it failed to prevent an alleged ransomware attack that compromised confidential customer data.

 

The lawsuit claimed that “on approximately June 7, 2025, a ransomware group accessed Defendant’s information network,” referring to Erie Insurance. However, the suit did not provide evidence that a ransomware attack took place. Instead, it cited a statement issued by Erie Insurance on June 7, in which the company said it was “currently experiencing a network outage that is affecting all systems.”

 

The lawsuit alleged that Erie Insurance failed to implement basic cybersecurity measures, leaving personal information, including Social Security numbers, financial details, and other sensitive data, exposed to threat actors.

 

“Plaintiff is now at a significantly increased and certainly impending risk of fraud, identity theft, misappropriation of health insurance benefits, intrusion of his health privacy and similar forms of criminal mischief and such risk may last for the rest of his life,” the lawsuit read.

 

The lawsuit, filed by Illinois resident and Erie Insurance customer Neal Plascencia, seeks a court order to certify the case as a class action. Plascencia is pursuing damages on behalf of a nationwide class of individuals affected by the alleged data breach.

 

In a data security incident notice on its website, on June 7, the insurance provider said that it was experiencing “a network outage that is affecting all systems.” In a separate update, the company said it has worked with external cyber security experts and regained control of its internal network.

 

“We have seen no evidence of ransomware and there is no indication of ongoing threat actor activity. 

 

“We take these matters very seriously and are committed to providing updates as appropriate. We encourage customers to follow best practices around personal security and notify their financial institutions of any unusual activity,” Erie Insurance added.