Threat players stole driver license numbers from customers of GEICO insurance for nearly 2 months earlier this year, due to a security defect on its website that has since been fixed.
The 2nd-largest auto insurance provider in the US disclosed the vulnerability in a data breach notice filed earlier in April with the California Attorney General’s office. Companies in that state are required to provide notice of data breaches to the AG within 3 months of their discovery.
Online Sales System
The notice came by letter to clients who may have been affected by the breach signed by Sheila King, Manager for Data Privacy of the GEICO Privacy Team. In it, she wrote that cyber-criminals obtained access to the customer’s driver license from the online sales system using of the company’s website between Jan 21, 2021 & Mar. 1, 2021.
“We have reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name,” states the letter. “If you receive any mailings from your state’s unemployment agency/department,please review them carefully & contact that agency/department if there is any chance fraud is being committed.”
Security Enhancements
GEICO secured the affected website & investigated the flaw that was allowing information to be exposed as soon as the company became aware of the issue, according to the letter. The company did not disclose the specific nature of the security issue, however.
The company also added “additional security enhancements to help prevent future fraud & illegal activities on our website,” King wrote. Again, no specifics were given on what these enhancements are, & how they will prop-up security on their system.
Federal Benefits
Geico advised customers to review any mailings from their respective state’s unemployment agency, & to contact the agency if there is a chance fraud is being committed. They also offered affected customers a 1-year subscription to 3d-party solution Identity Force, an identity-theft fraud-monitoring system that also provides $1m in identity-theft insurance as well as restoration services.
Exploiting weaknesses on the websites of insurance companies is common practice by threat players who wish to commit fraud by using people’s personal ID info to apply for federal benefits in their name. Earlier in the year, insurance provider
Driver License Numbers
Metromile suffered a similar fate, with fraudsters stealing driver license numbers from its site for 6 months before the bug was identified & fixed.
Insurance companies often are the target of attacks because of the amount of personal information they have about clients, which cyber-criminals can use for various bad purposes.
Phoenix Crypto Locker
In Mar. insurance giant CNA was forced to take systems offline & temporarily close its website due to a novel ransomware attack using a new variant of the Phoenix Crypto Locker malware.
An insurance firm also was among those that fell victim to a series of attacks by the REvil ransomware group earlier this year.
https://www.cybernewsgroup.co.uk/virtual-conference-may-2021/
