Geico data breach opens door to unemployment scams

The scammers used personal information on Geico customers acquired elsewhere to access Geico’s sales system, the insurer said.

Over the course of six weeks earlier this year, fraudsters repeatedly stole driver’s license numbers from a database maintained by Geico. Now, the motor vehicle insurer is warning customers that the scammers could apply for unemployment benefits using the pilfered data.

“If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed,” Sheila King, a manager for data privacy at Geico, wrote in a breach notice letter posted to the website of California’s attorney general on April 15.

The perpetrators of the breach used personal information on Geico customers that they acquired elsewhere to access Geico’s sales system and steal the driver’s license numbers, according to King. Geico has taken “additional security enhancements” to guard against fraud on its website in light of the incident, King added.

It was unclear how many people were affected by the breach. Geico did not respond to multiple requests for comment.


Fraud has been a recurring issue during the coronavirus pandemic as states distribute billions of dollars through relief programs. A Nigerian crime network committed fraud against multiple state unemployment insurance programs, “with potential losses in the hundreds of millions of dollars,” independent journalist Brian Krebs reported last May, citing a Secret Service notice.

The collection and sale of drivers’ personal data has itself been a source of privacy concerns. The California DMV alone has made $50 million a year from the sale of driver information to third parties, according to a report from Vice’s Motherboard.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts