Expert(s): Timothy Chiu, Saryu Nayyar, Mark Bower, Rajiv Pimplaskar | Informationsecuritybuzz.com »
TechCrunch has reported that Geico, the second-largest auto insurer in the U.S., has fixed a security bug that let fraudsters steal customers’ driver’s license numbers from its website.
A data breach notice filed with the California attorney general’s office said information gathered from other sources was used to “obtain unauthorized access to your driver’s license number through the online sales system on our website.” According to TechCrunch, Geico did not say how many customers were affected by the breach but said the fraudsters accessed customer driver’s license numbers between January 21 and March 1. Companies are required to alert the state’s attorney general’s office when more than 500 state residents are affected by a security incident. Geico said it had “reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name.”