Geico admits fraudsters stole customer’s driver’s license numbers for months

Geico, the second-largest auto insurance company in the United States, has fixed a security bug that allows fraudsters to steal customer is driver license numbers from its website. In a notice of infringement filed with the California Attorney General’s Office, JICO said the information collected from other sources used to “gain unauthorized access to your driver’s license number through our website’s online sales system.”

The insurance company did not say how many customers were affected by the breach, but said fraudsters used customer driver’s license numbers between January 21 and March 1, and companies need to alert the state’s attorney general’s office when more than 500 state residents are attacked by one security incident. “It was reason to believe that this information could be fraudulently applied in your name for unemployment benefits,” Geico said.

Many financially driven criminals target government agencies using stolen identities or data. However, many U.S. unemployment benefits require an official ID – like a driver’s license – to file. To obtain a driver’s license number, fraudsters take public or previously infringed data and exploit vulnerabilities in auto insurance websites to obtain a customer’s driver’s license number. This allows fraudsters to get unemployment benefits in the name of another person. Earlier this year, San Francisco-based insurance startup Metromile admitted that a bug used on its website to get a driver’s license number for six months before the bug fixed in January.

If you have received correspondence from your own state government and have not filed for unemployment benefits, there is a good chance that your personal data could use fraudulently. Geico representative Christine Tasher did not return multiple requests for comment.