Geico Customers’ Driver’s License Numbers Stolen In Months-Long Data Breach

A laptop on the Geico website.Casimiro PT/Shutterstock

A security flaw allowed “fraudsters” to steal driver’s license numbers from Geico’s online sales system, according to a data breach notice filed with the California attorney general’s office. Geico has since fixed the vulnerability, which went unnoticed for over a month, but asks that customers look out for fraudulent unemployment applications.

The cause for this data breach is still unclear. Geico states that its online sales system was compromised using data gathered “elsewhere,” which could imply that hackers broke into accounts using login information or personal data leaked from other websites. Still, Geico says that it fixed the problem, so there may have been a bug in its sales system—the insurer’s report is just too vague.

From the Geico data breach notice:

We recently determined that between January 21, 2021 and March 1, 2021, fraudsters used information about you –which they acquired elsewhere — to obtain unauthorized access to your driver’s license number through the online sales system on our website. We have reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name. If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed.

Unemployment fraud is a common form of identity theft that requires a driver’s license and other personally-identifying information. The fact that Geico’s is laser-focused on unemployment fraud is concerning, and suggests that hackers broke into the online sales system using customers’ personal information.

But again, we don’t know what happened because Geico’s notice is too vague. Geico hasn’t announced (or doesn’t know) how many U.S. residents were affected by the breach, though the number could be quite large. Companies are only required to notify the California attorney general’s office when over 500 state residents are affected by a data breach—and again, that’s just people who live in California.

If you’re a Geico customer, keep an eye out for any mail from your state unemployment office. Geico says that it does not know if your driver’s license number was stolen from its website, though it will give you a year of IdentityForce identity-theft protection and insurance if a fraudster files for unemployment under your name.

Sources: Geico via TechCrunch

Proactive Computing found this story and shared it with you.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.