Click to Skip Ad
Closing in...

If you use this car insurance company, your personal data might’ve just been stolen

Published Apr 21st, 2021 6:18PM EDT
Data breach
Image: Minerva Studio/Adobe

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

The second-largest auto insurer in the US, the one with the cute little gecko from the TV commercials that you’re all familiar with, has been hit by a data breach.

Geico has disclosed that a security incident occurred between January 21 and March 1 of this year, per a notice filed with the California attorney general’s office. Unfortunately, this breach that lasted for a little more than a month appears to have exposed the driver’s license numbers of an unspecified number of Geico customers. The official notice reads, in part: “Fraudsters used information about you — which they acquired elsewhere — to obtain unauthorized access to your driver’s license number through the online sales system on our website. We have reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name.”

While we noted that the number of affected customers has not been specified, we do at least know the bare minimum number that’s been affected. According to California law, “any person or business that is required to issue a security breach notification to more than 500 California residents as a result of a single breach” has to also file a notice with the state attorney general’s office. That was done in this case, which implies that more than 500 customers were affected.

Geico’s suspicion is that the driver’s license numbers might be put to use for a specific purpose. The company has told customers that it has “reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name.” Though it’s not clear how far they would get, since a number of US states require that a government ID be presented, and not simply a number, when someone files for unemployment benefits. “As soon as GEICO became aware of the issue, we secured the affected website and worked to identify the root cause of the incident,” Geico added in communication with customers about this incident.

“While we regularly maintain high security and privacy standards, we have also implemented — and continue to implement — additional security enhancements to help prevent future fraud and illegal activities on our website.”

This all calls to mind other data breach incidents we’ve covered, including one that we reported back in February, involving word that California state residents may have had their personal data stolen via a cyberattack on a vendor associated with the California Department of Motor Vehicles. According to a warning from the state’s DMV, more than a year’s worth of customer data that includes license plate numbers and individual addresses may have been compromised via the data breach. The breach targeted Automatic Funds Transfer Services, a financial services and data management company that contracts for services with California’s DMV, which the DMV has used to verify car owners’ change of address.

Andy Meek Trending News Editor

Andy Meek is a reporter based in Memphis who has covered media, entertainment, and culture for over 20 years. His work has appeared in outlets including The Guardian, Forbes, and The Financial Times, and he’s written for BGR since 2015. Andy's coverage includes technology and entertainment, and he has a particular interest in all things streaming.

Over the years, he’s interviewed legendary figures in entertainment and tech that range from Stan Lee to John McAfee, Peter Thiel, and Reed Hastings.