Geico filed a data breach notice with the California attorney general’s office, admitting that fraudsters stole customers’ driver’s license numbers from its website. In the notice, discovered by TechCrunch, the U.S. auto insurance titan said that from Jan.21 to March 1 of this year, bad actors infiltrated its website using customer information they acquired elsewhere. They then accessed the victims’ driver’s license information through the website’s online sales system.
The company did not say how many individual license details were stolen. As TechCrunch Note, however, the California AG office requires entities to file a data breach notice when at least 500 residents have been affected by a security incident. Geico says he has reason to believe fraudsters could use the stolen information to claim unemployment benefits on their behalf. Authorities usually need government identification, such as a driver’s license, to be able to apply for unemployment – this means names and addresses stolen from other sources would not be enough.
Geico explained that he secured his website and made an effort to identify the root cause of the incident as soon as he became aware of the problem. However, he did not disclose what that root cause was in the notice. He wrote in the notice he sends to affected clients: “If you receive any correspondence from your state’s unemployment agency / department, please review them carefully and contact that agency / department if there is a possibility. of fraud. ” The company is also offering affected customers a one-year subscription to IdentityForce to protect against identity theft.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through any of these links, we may earn an affiliate commission.