Cyber Incident Victim: Government Employees Insurance Company
Date: Jan 2021
Location: United States of America
Summary
A major U.S. auto insurer experienced a data breach in which attackers exploited a vulnerability in its website to steal policyholders' driver's license numbers over several weeks. The unauthorized access leveraged information obtained from external sources to target the company's online sales system, potentially enabling fraudulent unemployment benefit applications using victims' identities. Following discovery, the insurer secured its systems, initiated an investigation, and implemented additional security measures. While specific impacted individuals remained unidentified at the time of reporting, the company offered affected customers identity protection services and advised vigilance regarding suspicious unemployment-related communications.
Description
The Geico data breach occurred between January 21, 2021, and March 1, 2021, when unauthorized actors exploited a vulnerability in the company’s online sales system. Attackers utilized personal information acquired from external sources to gain illicit access to policyholders’ driver’s license numbers. Geico, which insured over 24 million vehicles for more than 15 million customers as of 2017, confirmed the intrusion allowed threat actors to harvest sensitive data for approximately six weeks. The company identified the breach after discovering fraudulent activity targeting its web infrastructure, though the exact detection method remained undisclosed. Upon investigation, Geico determined the compromised data could facilitate fraudulent unemployment benefit applications in victims’ names due to the value of driver’s license information in identity verification processes. The breach notification filed with the California Attorney General emphasized that attackers leveraged pre-existing personal data from unrelated incidents to bypass security controls. No banking details, Social Security numbers, or insurance policy information were confirmed as compromised in this incident.

Geico secured its website immediately upon discovering the breach and initiated an internal investigation to identify the root cause. The company implemented unspecified additional security measures to prevent future fraudulent activities on its digital platforms. While the total number of affected individuals remained undetermined as of April 2021, Geico offered all customers a complimentary one-year subscription to IdentityForce for identity theft monitoring. The insurer advised policyholders to monitor communications from state unemployment agencies and report suspicious activity. No ransomware involvement or financial demands were disclosed in available reports. Geico did not confirm whether law enforcement agencies were investigating the incident but characterized the attackers as external fraudsters rather than state-sponsored actors. The breach’s primary operational impact centered on potential unemployment fraud risks rather than direct financial theft from customer accounts.
