Geico, one of the largest auto insurer in the United States, has fixed a security bug that had let cyber fraudsters steal the driver's license numbers of its customers from the company's website.
Geico targeted by hackers
In a data breach notice filed with the California attorney general's office, Geico stated that the information gathered from other sources was used to get unauthorized access to customer's driver's license number through the online sales system on the company's website.
According to Tech Crunch, the insurance company did not specify how many customers were affected by the data breach, but stated that the fraudsters accessed customer driver's license numbers between Jan. 21 and Mar. 1.
Companies are required to alert the state's attorney general's office when more than 500 state residents are affected by a security incident, according to Slash Gear.
Geico said that it had a reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name.
A lot of criminals that are driven by financial gain target government agencies using stolen data or stolen identities. However, a lot of U.S states require a government ID, like a driver's license, to file for unemployment benefits.
To get a driver's license number, fraudsters take public or previously breached data and exploit weakness in auto insurance websites to obtain a customer's driver's license number. That allows the fraudsters to obtain unemployment benefits in another person's name.
Just earlier this year, San Francisco-based insurance startup called Metromile admitted a bug on its website was used to get driver's license numbers for six months before the bug was fixed.
If you have received correspondence from your state government and have not filed for unemployment benefits, there is a chance that your personal data was used for fraud.
Unemployment scam
Although unemployment scams are not new, it reached its peak last year when the country was forced to shut down due to the coronavirus pandemic. New scams are reported almost every month since then.
Last month, a new phishing scam is targeting unemployed people in New York, stealing their driver's licenses, their Social Security numbers, and other personal information in order to resell it on the dark web, according to CBS News.
Victims are lured with text and email messages that link to a carbon copy of the New York State unemployment website. After a victim enters their username and their password, the fake site asks for high-quality images of sensitive documents.
That gives the cybercriminals access to the person's name, their address, their phone number, date of birth, driver's license number, Social Security number, and email address.
The phishing attack was active for weeks, according to the security researcher at Akamai Technologies, Steve Ragan, who discovered the scam.
The scammers were able to remain anonymous by hiding the fake website behind a proxy server, an intermediary domain that cloaks the originating IP address.
Ragan stated that the documents are widely available on dark web markets, noting that he found Social Security cards related to the scam selling for $1.50 each and driver's licenses selling for $100 each.
One dark web seller that was discovered by Ragan used the personal information of a victim to create a fake driver's license scan. The total cost of the ID package was listed for $130.
The cybersecurity expert added that criminals are making money selling the information as well as committing unemployment fraud.
Related Article: LinkedIn Job Offers Could be Target of New Phishing Campaign Scams
This article is owned by Tech Times
Written by Sieeka Khan
