Geico Data Breach lets fraudsters steal driver’s license numbers

Illustration from article titled A Geico Data Breach Let Cyber ​​Fraudsters Steal Customers'  Driver's license numbers

Photo: David McNew (Getty Images)

Auto insurance giant Geico quietly revealed recent security breach allowed cyber thieves to steal customers’ driverslicense s information directly on the company’s website.

The breach was made public on Monday after TechCrunch noticed that the company had recently filed a notice of violation with the California attorney general’s office – as required by state law.

While the extent of the violation is not entirely clear, the state’s disclosure requirements relate to incidents affecting more than 500 state residents. We’ve reached out to Geico and will update this story if we hear from them.

In their opinion, a security issue was not fixed on the company’s website for more than a month, although the nature of the problem is not entirely clear. The issue has since been resolved, but not before an unknown number of people had their information stolen. Geico provides the following image of what happened:

We recently determined that between January 21, 2021 and March 1, 2021, fraudsters used information about you – which they acquired elsewhere – to gain unauthorized access to your driver’s license number through the system. online sale of our website. We have reason to believe that this information could be used to fraudulently claim unemployment benefits on your behalf.

That the data could be used for unemployment fraud is unfortunate, if not totally unexpected. Throughout 2020, organized cybercrime groups have targeted systems across the country and made an incredible amount of money doing so. California Fraudulent Claims Numbered in the billions. In Washington State, grossed $ 650 million was lost to “questionable claims”. Ohio would have paid $ 330 million. The list is lengthened increasingly.

In such systems, cybercriminals will typically use previously disclosed or stolen personal information to impersonate someone else, in the hope of successfully phishing state unemployment systems.

Geico warned that if you receive information from your state system about unemployment benefits that you haven’t personally applied for, there’s a good chance you’ve been targeted for identity theft. If this happens, you should “contact this agency / department if there is a risk of fraud,” the company said.

Tech Technology