New York State Attorney General Letitia James and New York State Department of Financial Services Director Adrienne Harris announced on November 25th that GEICO and Travelers, two automobile insurance companies, have reached a settlement agreement with the state government to pay a fine of $11.3 million for failing to maintain data security, leading to the personal information leakage of 120,000 New York customers.
The online automobile insurance quoting applications of GEICO and Travelers were separately targeted in hacker attacks in November 2020 and April 2021, resulting in the theft of personal information such as driver’s license numbers and birth dates of 116,000 and 4,000 New York customers, respectively. Subsequently, hackers used some of the stolen driver’s license information to fraudulently claim unemployment benefits during the peak of the pandemic.
Investigations by the Attorney General’s office and the Department of Financial Services found that both insurance companies failed to implement adequate data security controls to protect consumers’ personal information and did not effectively comply with the Financial Services Department’s Cybersecurity Regulation.
On November 25th, both companies reached a settlement agreement with the state government. GEICO will pay a fine of $9.75 million, with $4.75 million going to the Attorney General’s office and $5 million to the Department of Financial Services. Travelers will pay a fine of $1.55 million, with $350,000 allocated to the Attorney General’s office and $1.2 million to the Department of Financial Services. In addition to the fines, both companies have committed to implementing a series of enhanced cybersecurity measures.
According to Newsweek, GEICO released a statement expressing satisfaction with the settlement reached with the state government. The company stated that upon discovering the hacker attack, they proactively notified the state government to prevent further fraudulent incidents and have since allocated significant resources to improve their systems. Travelers, on the other hand, mentioned that only a small number of customers were affected and that their internal systems were not impacted by this incident. Travelers will continue to strengthen customer information protection to prevent similar incidents in the future.