[BreachExchange] Geico data breach exposed customers’ driver’s license numbers for more than a month

[Destry Winant]

https://www.theverge.com/2021/4/19/22392566/geico-data-breach-exposed-customer-drivers-license-numbers-security

Insurance company Geico suffered a data breach earlier this year that
exposed customers’ driver’s license numbers for more than a month,
according to a data breach notice filed with the attorney general of
California. First reported by TechCrunch, Geico says in the notice
that it has fixed the security issue that led to the breach.

“We recently determined that between January 21, 2021 and March 1,
2021, fraudsters used information about you – which they acquired
elsewhere – to obtain unauthorized access to your driver’s license
number through the online sales system on our website,” the notice
reads. “We have reason to believe that this information could be used
to fraudulently apply for unemployment benefits in your name.”

The notice does not indicate how many customers may have been affected
or whether the breach was confined to California. But California law
states that “any person or business that is required to issue a
security breach notification to more than 500 California residents as
a result of a single breach” must submit a copy of the notice to the
attorney general’s office.

State unemployment offices have been inundated with claims over the
past year, with millions of people unemployed due to the coronavirus
pandemic. Some states reported a sharp rise in fraudulent claims last
spring, which were discovered when people began receiving
notifications about unemployment benefits for which they never
applied. Most US states require identification such as a driver’s
license to file for unemployment benefits.

Geico did not immediately reply to requests for comment from The Verge
on Monday.