Noblr Reciprocal Exchange

Noblr Reciprocal Exchange, also known as Noblr, operates as an insurance provider headquartered in the United States of America. Its core service involves offering insurance policies, facilitated through an online instant quote platform. This platform processes personal details submitted by potential customers to generate insurance quotes. During this quote generation process, the system interacts with third-party sources to retrieve relevant information, handling sensitive personal data including driver's license numbers. The organisation serves consumers seeking insurance coverage within the US market.

A significant cybersecurity incident impacting Noblr occurred on January 21, 2021. Attackers exploited vulnerabilities within the instant quote platform by inputting pre-obtained personal identifiers. This allowed unauthorized access to sensitive data, specifically driver's license numbers, which were inadvertently exposed within the platform's source code during the automated third-party information retrieval step. The breach potentially exposed policy application documents and impacted approximately 97,600 individuals, including people without direct relationships with Noblr, as attackers used stolen details to illicitly gather further information. Following detection of abnormal activity, Noblr implemented countermeasures including blocking suspicious IP addresses and modifying its platform to prevent further exploitation of the identified vulnerability.