Geico fined $9.75 million for failing to detect and prevent cyberattacks after drivers used its free online quote tool
Geico, the insurance company known for its cheeky gecko mascot, just got slapped with a hefty $9.75 million fine for a serious data security failure. The New York State Attorney General says the company didn’t do enough to protect sensitive customer info, leaving tens of thousands of New Yorkers exposed to cyberattacks.
From 2020 through 2021, hackers had a field day targeting Geico’s online tools used for insurance quotes. They exploited weaknesses in both the company’s website and the quoting tools used by agents. The result? Over 116,000 New Yorkers had their personal info, including driver’s license numbers, stolen.
Even worse, some of that stolen data was later used to file fraudulent unemployment claims during the COVID-19 pandemic.
The New York State Attorney General, Letitia James, and the Department of Financial Services (DFS) Superintendent, Adrienne A. Harris, aren’t letting Geico off the hook. In their investigations, they found that Geico failed to take basic steps to secure its systems. What’s more, the company failed to do so even after being warned about an industry-wide campaign of cyberattacks. Instead of taking a hard look at its vulnerabilities, Geico left its virtual doors wide open.
“GEICO and Travelers offer drivers protection during times of emergencies, but these companies failed to protect consumers’ personal information. Data breaches can lead to serious fraud, and that is why it is important for all companies to take cybersecurity and data protection seriously,” James said in the press release.
Geico isn’t the only insurer in trouble.
Travelers, another big name in the insurance industry, also faced a breach. Hackers used compromised agent credentials to access personal data from about 4,000 New Yorkers. Travelers was fined $1.55 million for its own cybersecurity shortcomings, including failing to implement multifactor authentication.
The fallout doesn’t stop at fines. The New York State Attorney General’s Office says both Geico and Travelers must beef up their cybersecurity measures. They’re required to overhaul their systems, adopt stronger authentication protocols, and run risk assessments to avoid future breaches.