Breach, Data Security, Government Regulations

Geico, Travelers to pay New York over $11M for data breaches

(Adobe Stock)

Major U.S. auto insurance provider Geico and leading commercial property-casualty insurer Travelers have been ordered by New York state regulators to pay $9.75 million and $1.55 million, respectively, for cybersecurity gaps leading to separate widespread breaches of driver's license numbers later leveraged for fraudulent unemployment benefit claims during the COVID-19 pandemic, according to The Record, a news site by cybersecurity firm Recorded Future.

More than 116,000 New York residents had their driver's license numbers compromised from Geico's systems following the exploitation of its apps' pre-fill functionality and Application Programming Interface, as well as fraudulent policy purchases and claims filing, beginning November 2020, with the insurer only resolving its systems vulnerabilities by March 2021, said regulators. On the other hand, Travelers had driver's license numbers from 3,912 New Yorkers stolen following an attack against a system leveraged by its independent insurance agents, which did not have multi-factor authentication. Such fines for both insurers, which have also been required to adopt scheduled system reviews and penetration testing activities, come after the New York Office of the Attorney General sought an over $1.2 million cybersecurity investment from a ransomware-hit healthcare provider.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds