Things are looking pretty rough for GEICO, as not only did the insurer recently suffer a data breach, but it was also discovered that the hackers responsible are using consumers’ compromised information to fraudulently apply for unemployment benefits.
The breach was first disclosed to customers in April. GEICO claimed that no other information but customers’ driver’s license numbers were leaked; at the time, it did not reveal the exact number of customers affected by the breach.
But in a recent notice sent to customers, GEICO said that a security flaw allowed malicious actors to copy the personally identifiable information (PII) of approximately 132,000 customers between January 21 and March 01.
The insurer also warned customers that the cyberattack perpetrators had also begun to abuse the information they stole.
“We determined that … fraudsters used information about you which they acquired elsewhere to obtain unauthorized access to your driver’s license number through the online system on our website,” GEICO said in the notice.
“We have reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name,” the insurer outlined in its notice, adding that if a customer receives any mailings from their state’s unemployment agency, they have been advised to review the documents carefully to determine if any fraud had occurred.
GEICO also explained that it immediately acted to secure the data breach as soon as it was detected, and that it made “additional security enhancements” to mitigate fraud attempts.
ConsumerAffairs reported that GEICO is offering customers affected by the breach a complimentary one-year subscription to identity theft protection services by IdentityForce.