45 million Americans allegedly had their location data collected and sold by this top insurance firm

POV male driver holding new iPhone 12 Pro smartphone with infotainment car computer system running Apple Computers CarPlay from iOS in background.
(Image credit: Hadrian | Shutterstock)

If you’re asked to enable location data after downloading an app, there’s a good chance your whereabouts are being tracked. However, what happens when a company collects this data and then sells it?

According to a new lawsuit from Texas Attorney General Ken Paxton, the insurance company Allstate allegedly did exactly that when they unlawfully collected, used and sold data on the location and movement of Texans’ smartphones.

In a press release, Paxton alleges that the top insurance firm used secretly embedded software in mobile apps like Life360 to do this and then from there, they used this covertly obtained data to raise the insurance rates of millions of Texans.

To make matters worse, through its subsidiary data analytics company Arity, Allstate allegedly paid app developers to add this location-tracking software to their own apps. In total, the insurance provider collected trillions of miles worth of location data from more than 45 million Americans across the country. This data was then used to create the “world’s largest driving behavior database.” When an American then went to request a quote or renew their coverage, Allstate and other insurance companies would use this data to justify increasing their car insurance premium.

The reason that Texas Attorney General Ken Paxton is now suing Allstate is that these actions violated the Texas Data Privacy and Security Act (TDPSA) because customers weren’t given clear notice that their data was being collected, nor did they provide consent to this data collection.

In a statement to Tom's Guide, Allstate explained what Arity actually does and how consent is required to make use of its services, saying:

“Arity helps consumers get the most accurate auto insurance price after they consent in a simple and transparent way that fully complies with all laws and regulations.”

Allstate isn’t the first company to allegedly do something like this and then come under scrutiny in Texas. For instance, in a blog post, the cybersecurity firm Malwarebytes points out that Paxton sued General Motors (GM) last year for collecting and selling the private data of 1.5 million Texans to insurance companies. This was also done without their knowledge or consent.

How to stay safe from unwanted tracking

location permissions on a Pixel 6

(Image credit: Tom's Guide)

The simplest and easiest way to avoid having an insurance company track you is by not installing their mobile app. A lot of car insurance providers now use their mobile apps for this exact same thing with the promise that having their app installed could lead to lower rates. By not installing one of these apps, you might miss out on lower rates but you can also rest easy knowing your location and driving data aren’t being collected.

Other apps like Google Maps require your location data to function though. With these ones, you should choose the option “Allow only while using the app” when accepting permissions after installing an app. This way, the app won’t be able to continuously track your location and movement.

I know it sounds ridiculous in 2025 but you also always have the option to leave your phone at home if you’re very concerned about your location being tracked or data on your movements being collected.

Texas’ Data Privacy and Security Act and California’s Consumer Privacy Act (CCPA) are a step in the right direction but until we have a nationwide version of something close to the EU’s General Data Protection Regulation (GDPR), we’ll likely continue to hear about companies collecting and misusing customer data. This practice can make things even worse when a company you do business with is hit by a data breach.

Hopefully we’ll see a nationwide effort to protect U.S. user data soon but in the meantime, you just have to be careful when giving any app permission to use your location data.

More from Tom's Guide

Network
Arrow
Express VPN
NordVPN
Private Internet Access
ProtonVPN
Surfshark
Contract Length
Arrow
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
US Capitol building dome with American flag
These states have the worst data privacy in the US – is yours one of them?
Cartoon of person peering through US flag
Western governments want your data and big tech is happy to provide – how to slow them down
An open lock depicting a data breach
3.5 million hit in major law firm data breach — full names, SSNs, dates of birth, addresses and more exposed
Logos of Amazon, Google, and Apple
TikTok, Google, Amazon, Apple – which is worst for data privacy?
Globe Life insurance company logo on a cell phone in front of a monitor display the About page for the company. Shadowy hand holds the phone.
850,000 people exposed in massive insurance data breach — full names, dates of birth and SSNs
A picture showing different credit cards stacked on top of each other on a table
5 million Americans just had their credit card details leaked online — what to do now
Latest in Online Security
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Victims of Identity Theft
FTC says Americans lost $12 billion to scams last year and these were the worst ones — here's how to stay safe
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Saturday, March 15 (#643)
iPhone 17 Pro render
iPhone 17 Ultra just tipped to replace Pro Max in new leak — with these key upgrades
RCS messaging on an iPhone
Forget green bubbles — iPhones will soon get encrypted RCS messaging to Androids
CAD renderings of the Google Pixel 10 Pro
Latest Google Pixel 10 leak could make you want to skip it altogether
Nintendo Switch 2
Nintendo Switch 2 — analysts say it will be massive hit even with price hike
Jason Sudeikis as Ted Lasso in Ted Lasso season 3
‘Ted Lasso’ season 4 is official — here’s what Jason Sudeikis revealed