Cyber Incident Victim: Noblr Reciprocal Exchange
Date: Jan 2021
Location: United States of America
Summary
Attackers exploited an insurance provider's instant quote platform by inputting pre-obtained personal details to harvest driver's license numbers inadvertently exposed in the quote webpage's source code. The platform retrieved this data automatically from a third-party service during quote generation, and attackers who completed the quote process could also reach policy application documents. Following detection of abnormal activity, the organization blocked suspicious IP addresses and modified its platform to prevent further exploitation. The incident impacted approximately 97,600 individuals, including those without direct relationships with the provider, as attackers leveraged stolen identifiers to illicitly gather additional personal information.
Description
On January 21, 2021, Noblr Reciprocal Exchange’s web team detected a surge in incomplete insurance quotes through its public-facing instant quote platform, triggering an internal investigation. The platform allowed users to input basic personal details (name and date of birth) to generate tailored quotes by automatically retrieving additional information—including driver’s license numbers—from a third-party service provider. Investigators determined attackers had exploited this process by submitting pre-obtained names and birthdates to harvest driver’s license numbers, which were inadvertently exposed in the webpage’s source code. The attackers’ activity suggested they already possessed consumers’ identifying information prior to targeting Noblr’s system. Between January 21 and January 27, Noblr’s security team identified that threat actors could also access full policy application documents by completing the quote process, potentially exposing further personal data.

Noblr initiated containment measures on January 25 by blocking suspicious IP addresses linked to the anomalous activity. By January 27, after confirming driver’s license number theft, the company modified its quote platform to prevent further unauthorized access. The breach impacted 97,633 individuals, including consumers with no prior relationship to Noblr, as attackers could input any person’s details into the system. Notifications began on May 14, 2021, advising affected parties that compromised data stemmed from the automated third-party retrieval process. Noblr did not disclose whether additional personal information beyond driver’s license numbers was exfiltrated, nor did it identify the third-party provider involved in the quote system. The incident highlighted vulnerabilities in automated data aggregation features and the risk of exposing retrieved personal data in a webpage’s source code.
