Under the settlement Allstate implemented comprehensive security reforms in its offices throughout the state and agreed to undergo auditing over a four year period.

"We've sent a shiver throughout insurers here," said DMV Director Steven Gourley said, adding that a message had gone out "if you don't pay attention, you will be fined and unplugged.

He said a court action, which could have sought heavier penalties, was dismissed with the settlement because what was wanted was compliance.

The action against Allstate was triggered by a local California police department investigation that involved a threatening letter sent to a motorist whose home address had been gained through Allstate's access to the DMV data.

DMV records are open to the general public, but home address records were restricted in 1990 after the 1989 murder of actress Rebecca Schaeffer by an obsessed fan who had obtained her address from DMV.

After police notified DMV of the Allstate leak, an audit was done which turned up 131 security violations. Allstate like other carriers is permitted access to DMV records for limited business use under a confidentiality agreement.

According to DMV, some Allstate employees generated phony file numbers to request driver information and access passwords for the system that were supposed to be kept secure were stuck on computers with Post-It Notes.

DMV said that it had audited seven Allstate claims offices, but called company violations "system-wide." Department discussions with Allstate about the problem began in April.

Mr. Gourley said the security reforms which Allstate has undertaken establish the company as a role model for others to follow.

Terry Lewkoski, director for Allstate's California claims operation said, "Allstate takes its obligation to safeguard the confidentiality of consumer information very seriously. We are committed to continue working with the DMV to ensure that we continue to strengthen our processes."