A safety flaw allowed “fraudsters” to steal driver’s license numbers from Geico’s on-line gross sales system, in keeping with a data breach notice filed with the California legal professional normal’s workplace. Geico has since fastened the vulnerability, which went unnoticed for over a month, however asks that clients look out for fraudulent unemployment purposes.
The trigger for this information breach continues to be unclear. Geico states that its on-line gross sales system was compromised utilizing information gathered “elsewhere,” which might suggest that hackers broke into accounts utilizing login data or private information leaked from different web sites. Nonetheless, Geico says that it fastened the issue, so there could have been a bug in its gross sales system—the insurer’s report is simply too obscure.
From the Geico information breach discover:
We lately decided that between January 21, 2021 and March 1, 2021, fraudsters used details about you –which they acquired elsewhere — to acquire unauthorized entry to your driver’s license quantity via the web gross sales system on our web site. Now we have motive to imagine that this data could possibly be used to fraudulently apply for unemployment advantages in your identify. In the event you obtain any mailings out of your state’s unemployment company/division, please overview them fastidiously and phone that company/division if there’s any probability fraud is being dedicated.
Unemployment fraud is a standard type of identification theft that requires a driver’s license and different personally-identifying data. The truth that Geico’s is laser-focused on unemployment fraud is regarding, and means that hackers broke into the web gross sales system utilizing clients’ private data.
However once more, we don’t know what occurred as a result of Geico’s discover is simply too obscure. Geico hasn’t introduced (or doesn’t know) what number of U.S. residents have been affected by the breach, although the quantity could possibly be fairly massive. Firms are solely required to inform the California legal professional normal’s workplace when over 500 state residents are affected by an information breach—and once more, that’s simply individuals who reside in California.
In the event you’re a Geico buyer, preserve an eye fixed out for any mail out of your state unemployment workplace. Geico says that it doesn’t know in case your driver’s license quantity was stolen from its web site, although it will provide you with a yr of IdentityForce identity-theft safety and insurance coverage if a fraudster information for unemployment underneath your identify.