If you’re a Geico customer, check your mail and inbox.
Some Geico customers were notified in April that their personal information – specifically their drivers license number – had been compromised in a data breach caused by a security bug on the insurer’s website, TechCrunch’s Zack Whittaker first reported.
Geico directly notified some customers on April 9 that “fraudsters used information about you – which they acquired elsewhere – to obtain unauthorized access to your driver’s license number through the online sales system on [Geico’s] website.”
The breach, Geico said, occurred between January 21 and March 1 of this year. Geico said it has since secured its website from the vulnerability.
The insurer warned that fraudsters would likely use the license numbers to fraudulently apply for unemployment benefits, which often require a state ID.
A Geico spokesperson did not immediately respond to a request for comment on the number of customers affected and whether the data had been tied to confirmed cases of unemployment fraud.
In the notice sent to customers who were affected, Geico urged vigilance and offered a one-year subscription to IdentifyForce, an “identity-theft protection service.” Geico said in the notice that it did not know for certain whether the customer’s drivers license number had been fraudulently used, but that it was a possibility.
Unemployment fraud has spiked as unemployment claims increased during the pandemic, an AP report in February found. By November of last year, the US Department of Labor’s Office of Inspector General estimated that states paid out up to $36 billion in “improper benefits,” with much of the impropriety attributed to fraud, according to the report.