November 26, 2024 at 06:15AM
Geico and Travelers were fined $11 million in New York for data breaches affecting over 120,000 individuals. Geico’s quoting tools were exploited in cyberattacks, while Travelers’ agent portal lacked multi-factor authentication. Both companies failed to implement adequate security measures and will enhance their cybersecurity practices as part of their settlements.
### Meeting Takeaways:
1. **Data Breaches and Fines**:
– Geico and Travelers were fined a total of $11 million by New York authorities due to data breaches affecting over 120,000 individuals.
2. **Geico’s Compromise**:
– Geico’s quoting tools faced multiple cyberattacks starting November 2020, resulting in the theft of personal information, including driver’s license numbers, compromising around 116,000 individuals.
– Despite receiving alerts regarding an industry-wide hacking campaign, Geico failed to implement adequate protective measures for their systems.
3. **Impact of Stolen Data**:
– Some of the stolen information was misused to file fraudulent unemployment claims during the COVID-19 pandemic.
4. **Travelers’ Incident**:
– Travelers experienced a data breach in April 2021 through its insurance agent portal, where attackers accessed information using stolen credentials and without multi-factor authentication (MFA).
– Approximately 4,000 individuals were affected, and the breach was discovered seven months later via a third-party notification.
5. **Investigations and Findings**:
– Both companies were found to have inadequate security controls and non-compliance with regulations concerning the protection of customer information.
6. **Settlements and Future Actions**:
– Geico agreed to settle for $9.75 million, while Travelers settled for $1.55 million.
– Both companies will enhance their cybersecurity measures, including developing comprehensive information security programs, conducting data inventories, improving authentication processes, and enhancing logging, monitoring, and threat response procedures.