$11.3 M settlement over New Yorkers auto insurance data breaches

Posted 12/31/69

NEW YORK – GEICO and Travelers’ Poor Data Security Allowed Hackers to Steal New Yorkers’ Driver’s License Numbers and Fraudulently Obtain Unemployment Benefits

New York …

This item is available in full to subscribers.

Please log in to continue

Log in

$11.3 M settlement over New Yorkers auto insurance data breaches

Posted

NEW YORK – GEICO and Travelers’ Poor Data Security Allowed Hackers to Steal New Yorkers’ Driver’s License Numbers and Fraudulently Obtain Unemployment Benefits

New York Attorney General Letitia James and New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris  secured $11.3 million in penalties from two auto insurance companies, the Government Employees Insurance Company (GEICO) and The Travelers Indemnity Company (Travelers), for having poor data security which led to the personal information of more than 120,000 New Yorkers being compromised. 

These events were part of an industry-wide campaign by hackers to steal consumers’ personal information, including driver’s license numbers and dates of birth, from online automobile insurance quoting applications, including those used by GEICO and Travelers. The hackers then used some of the stolen driver’s license information to file fraudulent unemployment claims at the height of the COVID-19 pandemic. 

The OAG investigation concluded that the auto insurance companies did not implement sufficient data security controls to protect consumers’ private information. The DFS investigation concluded that the auto insurance companies did not comply with DFS’s cybersecurity regulation that requires them to implement policies, procedures, and controls designed to protect consumer data and the financial institutions themselves. As a result of today’s settlements, GEICO will pay $9.75 million in penalties and Travelers will pay $1.55 million.

Comments

No comments on this item Please log in to comment by clicking here