Geico and Travelers Fined $11.3M Over Data Breaches Exposing 120,000 New Yorkers' Information

The penalties follow investigations revealing cybersecurity failures that left sensitive personal data vulnerable to hackers.

Geico will pay $9.75 million and Travelers $1.55 million in penalties after investigations by New York's Department of Financial Services (NYDFS) and Attorney General's office.
More than 120,000 New Yorkers had personal data, including driver's license numbers and birth dates, stolen in breaches linked to both companies.
Geico's breaches began in November 2020, with hackers exploiting flaws in its systems, including an insurance quoting tool, to access sensitive data.
Travelers experienced a breach in April 2021 when hackers used compromised agent credentials to access customer information, highlighting insufficient security measures like the lack of multifactor authentication.
Both companies have agreed to strengthen cybersecurity measures, with Geico self-reporting the issue and committing to improving its systems to prevent future breaches.