GEICO Warns Customers about Stolen Driver License Data
GEICO Insurance, the second largest auto insurance provider in the United States, claims that it has fixed a vulnerability that exposed private customer information from its website. For nearly two months, threat actors stole driver license numbers from GEICO customers, thanks to a security flaw on the GEICO website that has since been patched.
The vulnerability was disclosed in a data breach notice filed earlier this month in California, where companies are required to provide notice of data breaches to the Attorney General within three months of their discovery. The notice came in the form of a letter to clients who may have been affected by the breach, signed by Sheila King, manager for data privacy of the GEICO Privacy Team. In it, she wrote that cybercriminals obtained access to the customer’s driver license from the online sales system of the company’s website between January 21, 2021 and March 1, 2021.
“We have reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name,” according to the letter. “If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed.”
GEICO secured the affected website and investigated the flaw that was allowing information to be exposed as soon as the company became aware of the issue, according to the letter. The company did not disclose the specific nature of the security issue, however.
The company also implemented “additional security enhancements to help prevent future fraud and illegal activities on our website,” although no specifics were given.
GEICO advised customers to review any mailings from their respective state’s unemployment agency and to contact the agency if there is any chance fraud is being committed. The company also offered affected customers a one-year subscription to third-party solution IdentityForce, an identity-theft fraud-monitoring system that also provides $1 million in identity-theft insurance as well as restoration services.