November 26, 2024 at 04:37PM
New York’s Attorney General imposed $11.3 million in fines on GEICO ($9.75 million) and Travelers Indemnity Co. ($1.55 million) for inadequate data security that led to cyberattacks exposing personal information of over 116,000 residents. Both companies must enhance cybersecurity measures and protect consumer data moving forward.
Here are the key takeaways from the meeting notes regarding the penalties imposed on GEICO and Travelers by the State of New York:
1. **Companies Penalized**: GEICO has been fined $9.75 million, and Travelers Indemnity Co. will pay $1.55 million for inadequate cybersecurity measures.
2. **Data Breach Impact**: The breaches compromised the personal data of over 12,000 New York residents, specifically driver license numbers, which were subsequently used to file fraudulent unemployment claims during the COVID-19 pandemic.
3. **Regulatory Findings**: Both companies violated state regulations by failing to implement sufficient policies and controls to protect consumer data. This included a lack of comprehensive reviews and security measures following prior incidents.
4. **Nature of Compromises**:
– **GEICO** was attacked in November 2020, leading to a breach of its auto insurance quoting tool. A subsequent incident involved another breach exploiting the quoting tool for insurance agents.
– **Travelers** experienced a breach in April 2021 through a similar attack on its quoting tool, resulting in unauthorized access to driver license numbers.
5. **Cybersecurity Improvements**: Both insurers have agreed to enhance their cybersecurity practices, including:
– Improving protections for private information.
– Conducting comprehensive data inventories.
– Requiring authentication for accessing private data.
– Implementing logging, monitoring, and enhanced threat response procedures.
6. **Remedial Measures**:
– **GEICO** plans to carry out comprehensive risk assessments and penetration testing, along with developing an action plan for identified issues.
– **Travelers** will review its systems and improve access controls to prevent unauthorized access to nonpublic personal information.
7. **Official Statements**: New York Attorney General Letitia James emphasized the importance of cybersecurity in protecting consumers and preventing serious fraud resulting from data breaches.
This summary captures the crucial details regarding the penalties, the impact of the data breaches, and the actions to be taken by GEICO and Travelers moving forward.