November 28, 2024

Cybersecurity Lapses Cost GEICO and Travelers Over $11M in Fines


GEICO, Travelers Fined $11.3M for Data Breaches

In a stark reminder of the importance of cybersecurity, two major auto insurance companies, GEICO and Travelers, have been fined $11.3 million by New York State authorities for failing to protect the sensitive information of over 120,000 New Yorkers. The fines, announced on November 25, 2024, highlight significant lapses in the companies' data security protocols that enabled hackers to access personal information including driver's license numbers, dates of birth, and insurance estimates.

GEICO, a subsidiary of Berkshire Hathaway Inc., was hit with a staggering $9.75 million penalty. The breach began in November 2020 when hackers exploited vulnerabilities in GEICO's online quoting tools. Despite being warned by the New York State Department of Financial Services (DFS) about an industry-wide cyberattack campaign targeting driver's license numbers, GEICO failed to implement sufficient security measures. This led to the exposure of approximately 116,000 New York residents' personal information through GEICO's insurance agents' quoting tool. Attackers used the stolen data to file fraudulent unemployment claims during the COVID-19 pandemic, underscoring the real-world consequences of such breaches.

Travelers Cos. Inc. was not spared, agreeing to pay $1.55 million in penalties for a similar cybersecurity lapse. In April 2021, hackers used compromised credentials to access Travelers' agent portal, which lacked multifactor authentication. The breach went undetected for over seven months, exposing the personal information of about 4,000 New Yorkers. The incident was only discovered after a third-party data provider alerted Travelers, emphasizing the need for robust detection systems.

As part of the settlement agreement, both companies have committed to significant enhancements in their cybersecurity practices:

  • Comprehensive Cybersecurity Programs: GEICO and Travelers must maintain comprehensive information security programs to protect the security, confidentiality, and integrity of consumer data.

  • Data Inventories: Both insurers will develop and maintain a detailed inventory of private information, ensuring it is safeguarded with appropriate controls.

  • Authentication Procedures: Reasonable authentication procedures for access to private information are to be put in place to prevent unauthorized access.

  • Logging and Monitoring: The companies will maintain logging and monitoring systems to detect and respond to suspicious activities promptly.

  • Threat Response: Enhancing threat response procedures is crucial to mitigate future breaches swiftly.

The settlements reflect New York State's commitment to enforcing cybersecurity regulations. Attorney General Letitia James and DFS Superintendent Adrienne Harris have been vocal about the need for companies to prioritize data protection:

"While GEICO and Travelers are supposed to safeguard drivers during emergencies, they have failed to secure consumers' private data," said Attorney General James. "Data breaches can lead to significant fraud, and that is why it is crucial for all businesses to prioritize cybersecurity and data protection."


Anthony Denis

Anthony Denis is a Security News Reporter with a Bachelor's in Business Computer Application. Drawing from a decade of digital media marketing experience and two years of freelance writing, he brings technical expertise to cybersecurity journalism. His background in IT, content creation, and social media management enables him to deliver complex security topics with clarity and insight.
