Computer Security GEICO Exposes Driver License Numbers of Customers in Data...

GEICO Exposes Driver License Numbers of Customers in Data Breach

Insurance company GEICO, which specializes in car insurance, became the victim of a data breach. The company disclosed that earlier in 2021 customer driver's license numbers were exposed for a period of over a month. The data breach notice was filed with the California attorney general's office, as GEICO is headquartered in Chevy Chase, CA.

The company made sure to point out that the security issue which led to the data breach and the exposure of customer license numbers has now been fixed.

The full statement informs that between late January and late March 2021 bad actors managed to secure illegal access to GEICO customers' driver's license numbers, abusing a security flaw in the online sales system of GEICO's website.

The chief issue with this that GEICO outlines in the notice is that the stolen information could be used by fraudsters to apply for unemployment benefits in the name of the drivers' license holder.

Number of Affected Customers Unclear

Curiously, there is no information in the filed notice about whether the data breach affected solely customers residing in California. However, in an article reporting on the data security incident, The Verge stated that according to California laws, a company is legally obligated to submit such a notice when the data breach concerns over 500 CA residents.

The global Covid pandemic has led to a significant uptick in claims for unemployment benefits. Sadly, this means that a lot of fraudulent claims have been made as well. This trend has been going since last year, when people started getting unexpected notifications about benefits even though they never applied for those in the first place.

A part of the issue is that to apply for benefits in a lot of states, all that is required is a driver's license.

The Verge further reported that GEICO did not reply when the website contacted them for further information or comments on the data breach incident.