US insurance leader Geico says hackers stole driver's license numbers from its website after they supplied personal information that they had acquired elsewhere. The driver's license numbers are believed to have been used "to fraudulently apply for unemployment benefits," Geico reported. Unemployment fraud has skyrocketed since Covid.
The US Labor Department's Office of the Inspector General estimated that between April and September 2020, as much as 10% of the $360 billion spent as part of the CARES Act, the first of three pandemic-related stimulus packages, may have been paid improperly, with a "significant portion attributed to fraud."
Geico's breach was revealed in a notice published by California's Office of the Attorney General. The notice was sent to affected consumers. Organizations in California are required to notify the state of data breaches affecting 500 residents or more. Chevy Chase, Maryland-based Geico did not say how many people were affected or if people living in states other than California were also affected.
The company says the exposure lasted from 21 January to 01 March 2021. Geico did not provide details on the security weakness, only saying it involved "the online sales system on our website." "As soon as Geico became aware of the issue, we secured the affected website and worked to identify the root cause of the incident," the company says. "While we regularly maintain high security and privacy standards, we have also implemented - and continue to implement additional security enhancements to help prevent future fraud and illegal activities on our website."
See: https://redskyalliance.org/xindustry/is-an-instant-insurance-quote-worth-the-loss-of-your-identity
Geico is offering those affected by the breach a prepaid one-year subscription to the identity theft monitoring service IdentityForce. So far, it does not appear the Geico data has turned up on the dark web, says the CTO of Hold Security, a Wisconsin-based consultancy that monitors dark web sources for stolen data.[1]
A decade ago, the exposure of a driver's license number was not as serious an event. But there has been an uptick in cybercriminal interest in driver's license numbers with the onset of pandemic restrictions limiting in-person contact. "Nobody asks you to show up at a physical location, whether it is a bank or an unemployment office," Hold Security says.
Because of the lack of face-to-face interaction, organizations have not been able to ensure that a physical driver's license actually matches a person. Aside from fraudulent unemployment claims, driver's license numbers are useful these days for those seeking to become contractors for delivery services but who lack a valid license. Also, the expiration dates of licenses have been less relevant due to the pandemic. Wisconsin, for example, allowed older people to continue to use expired licenses to reduce physical traffic at renewal facilities.
Since 2017, driver's license data for more than 150 million people in the US has been compromised in data breaches, according to the Identity Theft Resource Center. In November 2020, the insurance software firm Vertafore disclosed unauthorized access to one of its databases that held driver's license data for more than 27 million Texas citizens.
Red Sky Alliance has been has analyzing and documenting these type of cyber threats for 9 years and maintains a resource library of malware and cyber actor reports available at https://redskyalliance.org at no charge. Many past tactics are often dusted off and reused in current malicious campaigns. Red Sky Alliance can provide actionable cyber intelligence and weekly blacklists to help protect your network.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
[1] https://www.bankinfosecurity.com/geico-says-drivers-license-numbers-stolen-from-website-a-16431
Comments