Geico data breach opens door to unemployment scams

Over the course of six weeks earlier this year, fraudsters repeatedly stole driver’s license numbers from a database maintained by Geico. Now, the motor vehicle insurer is warning customers that the scammers could apply for unemployment benefits using the pilfered data.

“If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed,” Sheila King, a manager for data privacy at Geico, wrote in a breach notice letter posted to the website of California’s attorney general on April 15.

The perpetrators of the breach used personal information on Geico customers that they acquired elsewhere to access Geico’s sales system and steal the driver’s license numbers, according to King. Geico has taken “additional security enhancements” to guard against fraud on its website in light of the incident, King added.

It was unclear how many people were affected by the breach. Geico did not respond to multiple requests for comment.

Fraud has been a recurring issue during the coronavirus pandemic as states distribute billions of dollars through relief programs. A Nigerian crime network committed fraud against multiple state unemployment insurance programs, “with potential losses in the hundreds of millions of dollars,” independent journalist Brian Krebs reported last May, citing a Secret Service notice.

The collection and sale of drivers’ personal data has itself been a source of privacy concerns. The California DMV alone has made $50 million a year from the sale of driver information to third parties, according to a report from Vice’s Motherboard.