![]() ![]() Geico advised customers to review any mailings from their respective state’s unemployment agency and to contact the agency if there is any chance fraud is being committed. The company also implemented “additional security enhancements to help prevent future fraud and illegal activities on our website,” although no specifics were given. The company did not disclose the specific nature of the security issue, however. GEICO secured the affected website and investigated the flaw that was allowing information to be exposed as soon as the company became aware of the issue, according to the letter. “If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed.” “We have reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name,” according to the letter. In it, she wrote that cybercriminals obtained access to the customer’s driver license from the online sales system using of the company’s website between Januand March 1, 2021. The notice came in the form of a letter to clients who may have been affected by the breach signed by Sheila King, manager for data privacy of the GEICO Privacy Team. The vulnerability was disclosed in a data breach notice filed earlier this month with the California, where companies are required to provide notice of data breaches to the Attorney General within three months of their discovery. For nearly two months, threat actors stole driver license number from GEICO customers, thanks to a security flaw on the GEICO website that has since been patched. GEICO Insurance, the second largest auto insurance provider in the United States claims that it has fixed a vulnerability that exposed private customer information from its website. The incident is in line with multiple recent studies, which saw a sudden spike in online fraud after the onset of the COVID-19 pandemic and the restrictions that forced many companies to move their business online and rely more and more on their websites.Ī big chunk of these fraud attacks focused on hijacking unemployment benefits from Americans.Ī recent CNBC report said that scammers stole more than $36 billion from Americans via fraudulently filed unemployment benefits.GEICO Warns Customers about Stolen Driver License Dataįriday, April 23rd, 2021 | Cyber Threats, News, News & Media Americans lost $36 billion to unemployment fraud The insurer also didn't reply to TechCrunch, which first broke the news earlier today. ![]() Geico said that as soon as it learned of the incident, it plugged the hole on its website.Ī Geico spokesperson was not available for comment to provide additional details about the attacks and the number of users who had their data exposed in the attack. "If you receive any mailings from your state's unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed," the car insurer said in a data breach notification sent last week. While the incident might look insignificant since only driver's license numbers were exposed, the auto insurer said the data could be abused by attackers to apply for unemployment benefits in the name of some of its customers. Geico said threat actors used information about its users that was already made public elsewhere to exploit a bug in its website and match the public data with that user's driver's license number that Geico had stored inside its internal database. ![]() In a data breach notification filed with the California Office of Attorney General last week, the car insurer said that between January 21 and March 1, 2021, it detected exploitation attempts against its website's online sales system. US car insurer Geico said it plugged a bug on one of its official websites that allowed threat actors to obtain customer driver's license numbers for more than a month. Geico discloses website bug that exposed driver's license numbers ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |