Threat actors stole driver license numbers from customers of GEICO insurance for nearly two months earlier this year due to a security flaw on its website that has since been fixed.
The second-largest auto insurance provider in the United States disclosed the vulnerability in a data breach notice filed earlier this month with the California attorney general’s office. Companies in the state are required to provide notice of data breaches to the AG within three months of their discovery.
The notice came in the form of a letter to clients who may have been affected by the breach, signed by Sheila King, manager for data privacy of the GEICO Privacy Team. In it, she wrote that cybercriminals obtained access to the customer’s driver license from the online sales system on the company’s website between January 21, 2021 and March 1, 2021.
“We have reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name,” according to the letter. “If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed.”
GEICO secured the affected website and investigated the flaw that was allowing information to be exposed as soon as the company became aware of the issue, according to the letter. The company did not disclose the specific nature of the security issue, however.
The company also implemented “additional security enhancements to help prevent future fraud and illegal activities on our website,” King wrote in the letter. Again, no specifics were provided on what these enhancements are and how they will shore up security on the system.
GEICO advised customers to review any mailings from their respective state’s unemployment agency and to contact the agency if there is any chance fraud is being committed. The company also offered affected customers a one-year subscription to third-party solution IdentityForce, an identity-theft fraud-monitoring system that also provides $1 million in identity-theft insurance as well as restoration services.
Exploiting weaknesses on the websites of insurance companies is a common practice of threat actors who want to commit fraud by using people’s personal ID info to apply for federal benefits in their name. Earlier in the year, in fact, insurance provider Metromile suffered a similar fate, with fraudsters stealing driver license numbers from its site for six months before the bug was identified and fixed.
Indeed, insurance companies often are the target of attacks because of the wealth of personal information they possess about their clients, which cybercriminals can use for various nefarious purposes. Last month insurance giant CNA was forced to take systems offline and temporarily shutter its website due to a novel ransomware attack using a new variant of the Phoenix CryptoLocker malware. An insurance firm also was among those that fell victim to a series of attacks by the REvil ransomware group earlier this year.