GEICO Alerts Customers Hackers Stole Driver License Data for Two Months

2021-04-20 15:59

Threat actors stole driver license numbers from customers of GEICO insurance for nearly two months earlier this year due to a security flaw on its website that has since been fixed.

The second-largest auto insurance provider in the United States disclosed the vulnerability in a data breach notice filed earlier this month with the California attorney general's office.

Companies in the state are required to provide notice of data breaches to the AG within three months of their discovery.

GEICO secured the affected website and investigated the flaw that was allowing information to be exposed as soon as the company became aware of the issue, according to the letter.

Geico advised customers to review any mailings from their respective state's unemployment agency and to contact the agency if there is any chance fraud is being committed.

Earlier in the year insurance provider Metromile suffered a similar fate, with fraudsters stealing driver license numbers from its site for six months before the bug was identified and fixed.

News URL

https://threatpost.com/geico-alerts-hackers-stole-driver-license-data/165493/

#hacker