Insurance company Geico suffered a data breach earlier this year that exposed customers’ driver’s license numbers for more than a month, according to a data breach notice filed with the attorney general of California. First reported by TechCrunch, Geico says in the notice that it has fixed the security issue that led to the breach.
“We recently determined that between January 21, 2021 and March 1, 2021, fraudsters used information about you – which they acquired elsewhere – to obtain unauthorized access to your driver’s license number through the online sales system on our website,” the notice reads. “We have reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name.”
The notice does not indicate how many customers may have been affected or whether the breach was confined to California. But California law states that “any person or business that is required to issue a security breach notification to more than 500 California residents as a result of a single breach” must submit a copy of the notice to the attorney general’s office.
State unemployment offices have been inundated with claims over the past year, with millions of people unemployed due to the coronavirus pandemic. Some states reported a sharp rise in fraudulent claims last spring, which were discovered when people began receiving notifications about unemployment benefits for which they never applied. Most US states require identification such as a driver’s license to file for unemployment benefits.
Geico did not immediately reply to requests for comment from The Verge on Monday.