Click to Skip Ad
Closing in...



If you use this car insurance company, your personal data might’ve just been stolen

Data breach

The second-largest auto insurer in the US, the one with the cute little gecko from the TV commercials that you’re all familiar with, has been hit by a data breach.

Geico has disclosed that a security incident occurred between January 21 and March 1 of this year, per a notice filed with the California attorney general’s office. Unfortunately, this breach that lasted for a little more than a month appears to have exposed the driver’s license numbers of an unspecified number of Geico customers. The official notice reads, in part: “Fraudsters used information about you — which they acquired elsewhere — to obtain unauthorized access to your driver’s license number through the online sales system on our website. We have reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name.”

Today's Top Deal Amazon just kicked off a massive new sale — see all the best deals right here! Price:See Today's Deals! Buy Now Available from Amazon, BGR may receive a commission Available from Amazon BGR may receive a commission

While we noted that the number of affected customers has not been specified, we do at least know the bare minimum number that’s been affected. According to California law, “any person or business that is required to issue a security breach notification to more than 500 California residents as a result of a single breach” has to also file a notice with the state attorney general’s office. That was done in this case, which implies that more than 500 customers were affected.

Geico’s suspicion is that the driver’s license numbers might be put to use for a specific purpose. The company has told customers that it has “reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name.” Though it’s not clear how far they would get, since a number of US states require that a government ID be presented, and not simply a number, when someone files for unemployment benefits. “As soon as GEICO became aware of the issue, we secured the affected website and worked to identify the root cause of the incident,” Geico added in communication with customers about this incident.

“While we regularly maintain high security and privacy standards, we have also implemented — and continue to implement — additional security enhancements to help prevent future fraud and illegal activities on our website.”

This all calls to mind other data breach incidents we’ve covered, including one that we reported back in February, involving word that California state residents may have had their personal data stolen via a cyberattack on a vendor associated with the California Department of Motor Vehicles. According to a warning from the state’s DMV, more than a year’s worth of customer data that includes license plate numbers and individual addresses may have been compromised via the data breach. The breach targeted Automatic Funds Transfer Services, a financial services and data management company that contracts for services with California’s DMV, which the DMV has used to verify car owners’ change of address.

Today's Top Deal Amazon just kicked off a massive new sale — see all the best deals right here! Price:See Today's Deals! Buy Now Available from Amazon, BGR may receive a commission Available from Amazon BGR may receive a commission

Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.




Popular News