James, the Attorney General, and Harris, the DFS Superintendent, Obtain $11.3 Million from Auto Insurance Firms for Data Breaches – DataBreaches.Net

Blimey! Did you hear about what happened over in the Big Apple? The top brass over at the New York State Department of Financial Services (DFS) and the Attorney General’s office have really been cracking down on a couple of the big motor insurance companies, namely the Government Employees Insurance Company (cheekily known as GEICO), and The Travelers Indemnity Company, or just plain old Travelers to you and me.

The main charge against them? Poor cyber security practices that led to personal data of over 120,000 New Yorkers being pinched off their online car insurance quoting applications. The scammers even went so far as to use the stolen driver’s license details to lodge fraudulent unemployment claims at the peak of the coronavirus pandemic.

This investigation underscored the lack of representative cyber security controls within these two prominent insurance companies. Despite the fact that they underpin a significant part of our daily lives, they flagrantly neglected to implement adequate measures and protocols to safeguard consumer data.

Not wanting to pull any punches, our Attorney General was quoted saying, “yes, GEICO and Travelers do a bang-up job protecting our drivers during an emergency, but crikey, they have really dropped the ball when it comes to safeguarding consumer data.” She went on to say that these data violations could lead to devastating fraud, making it all the more essential for companies to review their cyber security strategies and take data protection more seriously.

The Superintendent over at DFS chimed in saying that the mandate of her department is to guard sensitive consumer data and buttress the resilience of financial institutions. That’s the ticking-off the likes of GEICO and Travelers need. Honestly, with the type of breach they let happen, I’m surprised it didn’t happen sooner.

Around November 2020, GEICO found itself at the receiving end of a series of cyber attacks on its auto insurance quoting tools. Despite being aware of the cyber attack campaign aimed at swiping driver’s license numbers, GEICO didn’t bother to conduct a thorough review of their systems to ward off future attacks. Once they patched up the website vulnerabilities, cunning hackers exploited weaknesses in GEICO’s agents’ quoting tool. The result? Personal details of nearly 116,000 New York residents were laid bare.

Because of these slip-ups, both companies are now required to part with a significant sum in penalties – GEICO is ponying up just over 9 million dollars and Travelers are shelling out 1.55 million dollars. This isn’t just a slap on the wrist, they will also need to pull their socks up and give their cybersecurity measures a complete makeover to ward off future breaches.

As part of the settlement, they will have to maintain a comprehensive data security programme, provide a detailed account of private data they hold, tighten access control to private information and beef up their threat response strategy. If any good comes out of this debacle, it’s the realisation and acknowledgment that cybersecurity is not something you can shrug off. Look at the lesson here – if even the big dogs can suffer data breaches, then imagine the potential risks for smaller healthcare providers, businesses, and individuals.

So, stay vigilant, friends! For in this connected age, our data is precious and, without necessary precautions, it’s all too vulnerable to these cyber scams. Let this be a wake-up call to instigate better cybersecurity measures and protect ourselves and our privacy. We don’t want to be caught with our trousers down, do we?

by Parker Bytes
