Curated Content | Thought Leadership | Technology News

Geico and Travelers Fined $11M for Security Failures Leading to Data Breaches

Data protection overhaul incoming.
Cambron Kelly
Contributing Writer

New York State regulators have fined Geico and Travelers more than $11 million collectively for failing to protect sensitive customer data during a 2020 cyberattack.

Hackers exploited vulnerabilities in the companies’ systems, gaining access to the driver’s license numbers of over 200,000 individuals, including nearly 120,000 New Yorkers. The exposed data was used to file fraudulent unemployment claims, costing the state thousands of dollars at the height of the pandemic.

The penalties, issued by New York Attorney General Letitia James and the State Department of Financial Services (DFS), underscore areas where the insurers’ cybersecurity measures fell short, such as the absence of multi-factor authentication and delayed responses to attacks.

Both companies are now mandated to overhaul their data protection practices and adhere to stricter compliance standards.

Why It Matters: This breach not only compromised sensitive information but also facilitated identity theft and financial fraud during a period of heightened vulnerability. By penalizing Geico and Travelers, regulators aim to reinforce the importance of robust cybersecurity practices, holding corporations accountable for safeguarding customer data in an era of increasing cyber threats.

  • Exploitation of Security Gaps: Hackers targeted Geico’s pre-fill tool and API, accessing over 135,000 driver’s license numbers, including 116,611 from New York residents. Similarly, breaches in Travelers’ broker-access system led to the exposure of nearly 89,000 records, with 3,912 belonging to New Yorkers.
  • Fraudulent Unemployment Claims: The stolen driver’s license data was used to file false unemployment claims with New York’s Department of Labor. While many were flagged as fraudulent before payouts, several claims succeeded, resulting in financial losses for the state.
  • Regulatory Penalties and Mandates: Geico will pay $9.75 million, while Travelers faces $1.55 million in fines. Both companies are required to implement data security programs, conduct annual penetration tests, and create an inventory of systems handling customer information within 60 days.
  • Delayed Responses and Warnings Ignored: Geico failed to act swiftly despite early signs of breaches in 2020, taking months to close security loopholes. Similarly, Travelers delayed investigating its broker-access breaches until late 2021, leaving customer data vulnerable for over a year.
  • Push for Cybersecurity Compliance: The case adds to a series of enforcement actions by New York’s Attorney General, including penalties against healthcare providers and educational institutions.

Go Deeper -> New York fines Geico, Travelers $11 million for exposed driver’s license numbers – The Record

☀️ Subscribe to the Early Morning Byte! Begin your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

☀️ Your latest edition of the Early Morning Byte is here! Kickstart your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

ADVERTISEMENT

×
You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Thanks for subscribing!

We’re excited to have you on board. Stay tuned for the latest technology news delivered straight to your inbox.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.
Name
Newsletters