geico admits fraudsters stole customers’ driver’s license numbers for months
Geico Addresses Security Vulnerability Affecting Driver’s License Data
Geico, the nation’s second-largest auto insurance provider, has resolved a security flaw that permitted unauthorized access to customers’ driver’s license numbers via its website.
Details of the Data Security Incident
A notice regarding the data breach, submitted to the California Attorney General’s office, indicates that information compiled from external sources was leveraged to gain illicit access to driver’s license numbers through the company’s online sales platform.
While the precise number of impacted customers remains undisclosed, Geico confirmed that fraudulent activity occurred between January 21st and March 1st. California law mandates notification to the Attorney General’s office when a security incident affects over 500 state residents.
Potential for Unemployment Benefit Fraud
Geico has expressed concern that the compromised information may be utilized for fraudulent applications for unemployment benefits. This is a growing trend among financially motivated cybercriminals.
Exploitation of Driver’s License Data
Criminals frequently target government institutions using stolen identities and data. Many states necessitate a government-issued identification, such as a driver’s license, to process unemployment claims.
Fraudsters often combine publicly available or previously compromised data with vulnerabilities in websites like those of auto insurers. This allows them to acquire driver’s license numbers and subsequently file for unemployment benefits under another individual’s name.
Similar Incident at Metromile
This incident mirrors a recent event involving Metromile, an insurance startup based in San Francisco. The company acknowledged a bug on its website that enabled the theft of driver’s license numbers over a six-month period, prior to being patched in January.
What Customers Should Do
If you have received official communication from your state government regarding unemployment benefits, despite not having filed a claim yourself, it is highly probable that your personal information has been misused.
Requests for comment directed to Geico spokesperson Christine Tasher were not answered.
Zack Whittaker
Contacting Zack Whittaker
Zack Whittaker currently serves as the security editor for TechCrunch, a prominent technology news outlet.
In addition to his editorial role, he is the author of "this week in security," a regularly distributed cybersecurity newsletter.
Methods of Communication
For secure communication, Zack can be contacted via encrypted messaging through Signal, using the username zackwhittaker.1337.
Alternative contact methods include email. His official TechCrunch email address is zack.whittaker@techcrunch.com.
To ensure the legitimacy of any outreach, verification can be requested through the aforementioned email address.
Important Note: Utilizing the email address provides a means to confirm the authenticity of communications purportedly from Zack Whittaker.