Driver’s License Numbers Exposed in Geico Breach for Months

California-based vehicle insurance company Geico recently admitted that it had suffered from a data breach earlier this year, allowing threat actors in question to gain unauthorized access to customers’ driver’s licenses for a few months.

Geico is a major car insurance company, with it being the second-largest vehicle insurance company in the United States alone. According to Bleeping Computer, the firm currently handles more than 17 million policies for 28 million cars.

Among the information accessed by the hackers include the driver’s license numbers of policyholders between January 21, 2021, to March 1, 2021, reports Tech Crunch.

Geico Data Breach Driver’s License Numbers Exposed

Based on the data breach notice that Geico filed with the California attorney general’s office dated April 15, 2021, and through the notification email sent out to customers dated April 9, the major auto insurer said that malicious actors were able to “obtain unauthorized access to your driver’s license number through the online sales system on our website.”

In addition to notifying customers about the cybersecurity incident, the company also went on to warn policyholders about its links to fraudulent unemployment claims, saying “We have reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name.”

“If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed,” continued the statement.

Although the company failed to disclose the number of policyholders affected by the data breach, The Verge states that under the existing California law, businesses or individuals are required to notify affected parties about the incident if more than 500 people are involved.

Geico has since said that it had already secured the website and has been at work to “identify the root cause of the incident.” The company has also taken to adding security enhancements to prevent similar events from happening in the future, notes Bleeping Computer.

Class-Action Lawsuit in the Works

Following the cybersecurity matter, Law 360 reveals that a couple, Mark Edward Vennerholm and Reanna Ann Vennerholm from Coronado, California, are looking to hit Geico with a class-action lawsuit in court.

Law 360 states that the couple’s reason for the proposed class-action lawsuit stems from the car insurer’s failure to protect the personal information of customers from being stolen by malicious threat actors. The Vennerholms said that following the data breach, they are at risk for fraudulent activities and scams that might put them at harm.