Geico suffered a data breach earlier this year that led to customers’ driver’s license numbers being exposed for more than a month.
In a data breach notice, the motor vehicle insurer said it fixed the security issue immediately after becoming aware of it. However, there’s still some risk that fraudsters could apply for unemployment benefits using the stolen data.
“We recently determined that between January 21, 2021 and March 1, 2021, fraudsters used information about you – which they acquired elsewhere – to obtain unauthorized access to your driver’s license number through the online sales system on our website,” the company wrote in the breach notice. “We have reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name.”
Geico said the hackers behind the breach used personal information about Geico customers that they pilfered from other places in order to gain access to Geico’s sales system and steal the driver’s license numbers.
“As soon as GEICO became aware of the issue, we secured the affected website and worked to identify the root cause of the incident. While we regularly maintain high security and privacy standards, we have also implemented—and continue to implement—additional security enhancements to help prevent future fraud and illegal activities on our website,” the notice said.
The company said it isn’t sure how many customers were affected by the breach or if the scope of the incident extends beyond California. Customers with security concerns can get a one-year subscription to IdentityForce -- an identity-theft protection service. The insurance company is also encouraging its customers to vigilantly look at account statements and credit reports to ensure that there is no unauthorized activity.
“If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed,” Sheila King, a manager for data privacy at Geico, wrote in the breach notice.