Connect with us

Hi, what are you looking for?


Cyber Insurance

Auto Insurance Giant GEICO Discloses Data Breach

American auto insurance provider GEICO has disclosed a cyber-incident that resulted in driver’s license numbers being compromised.

American auto insurance provider GEICO has disclosed a cyber-incident that resulted in driver’s license numbers being compromised.

A wholly owned subsidiary of Berkshire Hathaway, the Government Employees Insurance Company (GEICO) is the second largest car insurer in the United States, but also offers property insurance.

In a data breach notification to impacted individuals, the company reveals that, between January 21 and March 1, 2021, using customer information acquired elsewhere, fraudsters managed to gain unauthorized access to driver’s license numbers by abusing the online sales system on Geico’s website.

“We have reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name,” Geico says in a breach notification submitted to the website of California’s Attorney General last week.

According to the company, no other information related to its customers has been compromised in the incident, and there’s no saying whether the stolen data will indeed be used fraudulently, but users should still remain vigilant.

“If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed,” the company says.

The stolen information could aid attackers in performing fraud or identity theft, but such attempts may be spotted by looking for unauthorized activity in account statements and credit reports.

Advertisement. Scroll to continue reading.

Geico hasn’t provided information on the number of affected customers. SecurityWeek has contacted the company for more details on the matter and will update the article if a reply arrives.

“Companies need to understand that access management is the fundamental control to help IT professionals achieve security, compliance and privacy requirements for their organization’s valuable data in the cloud,” James Herbert, Solution Engineering Manager, OneLogin, said in an emailed comment. 

Herbert added, “In order to protect against the vast quantities of stolen identity information readily available to threat actors, follow these practical tips: activate Multi-Factor Authentication (MFA) and apply contextual risk analysis to detect suspicious behavior to adequately verify a user before providing any sensitive information. Security and access by design remain the key to reducing today’s threat landscape.”

Related: Multiple Airlines Impacted by Data Breach at Aviation IT Firm SITA

Related: Air Charter Firm Solairus Aviation Suffers Data Breach

Related: Embedded Software Developer Wind River Discloses Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.