Data breach in major car insurance company; thousands of driver’s licenses exposed

A cybersecurity report indicates that Geico, one of the most important car insurers in the U.S., had to correct a software error on its website that would have allowed threat actors to steal their customers’ driver’s license information.

In compliance with current California laws, the company filed a data breach notice with the state attorney general’s office. In this report, Geico mentions that the information was collected from multiple sources and that the goal of hackers was to gain unauthorized access to confidential records stored by the company.

The insurer did not specify the number of customers affected during this incident, although it mentions that the perpetrators of this intrusion accessed the driver’s licenses stored by Geico between January 21 and March 1 of this year.

The company concluded its report by mentioning that its security teams have reason to believe that this information could be used to perform multiple bank frauds on behalf of affected users.

One of the most recent criminal tendencies is the use of stolen personal data to deceive banks or government agencies, mainly those that provide financial support to certain sectors of the population.  For example, to obtain driver’s license numbers, threat actors may use public data or obtained in previous data breaches, using this information to abuse some failures on legitimate platforms and extract sensitive information. Geico spokesperson Christine Tasher has not added any updates.

This is not the only similar incident that occurred recently. In January of this year, insurance company Metromile acknowledged the detection of a flaw on its website that resulted in the leaking of license numbers collected during the six months prior to the incident. The insurer was quick to implement the necessary measures to prevent subsequent incidents at the risk of fraud against affected users.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.