New York imposes fines amounting to $11.3 million on Geico and Travelers for data privacy violations during the pandemic period.
In a recent settlement, insurance giants GEICO and Travelers have agreed to pay a combined sum of $11.3 million in fines for data breaches related to their online insurance quoting systems. The New York Attorney General and the New York Department of Financial Services (NYDFS) announced the settlement on November 25, 2024.
The exact nature of the attacks and the personal data stolen in these breaches are not fully disclosed. However, it is understood that hackers gained unauthorized access to sensitive customer information through vulnerabilities in the online systems of both companies.
In the case of GEICO, New York officials allege that the company failed to protect prospective customers' driver's license numbers on its internal systems. Meanwhile, hackers used compromised credentials to access Travelers' agent portal, with the breach going undetected for over seven months.
Both GEICO and Travelers have acknowledged the importance of data security and have committed to strengthening their cybersecurity practices. GEICO has made improvements to its systems to prevent additional exploitation by fraudsters, while Travelers is also working to prevent future attacks.
The settlement likely includes measures for both companies to enhance their cybersecurity practices. These measures may include improving data encryption, conducting regular security audits, and enhancing customer notification protocols in the event of future breaches. However, specific details from the settlement are not publicly disclosed.
GEICO has taken the breach seriously, self-reporting the issue to New York state officials when it was identified. Similarly, Travelers stated that protecting the information of all stakeholders is a top priority.
It is worth noting that this is not the first time either company has been involved in a data breach. A similar attack on Travelers' tool occurred early in 2021, and a cyberattack targeted Geico's auto insurance quoting tools in late 2020.
The strengthened practices agreed upon by GEICO and Travelers include maintaining logs, safeguarding private information with authentication, and enhancing threat response procedures. These measures are crucial in the ongoing fight against cybercrime and the protection of customer data.
In light of the recent settlement, both GEICO and Travelers are expected to reinforce cybersecurity measures, focusing on improving data encryption, conducting regular security audits, and enhancing customer notification protocols to prevent future data breaches. The cyberattacks on GEICO's and Travelers' systems, involving unauthorized access to sensitive customer information, have once again highlighted the importance of robust cybersecurity practices in the finance and technology sectors, particularly in the field of general-news.
