Why Hacking Is Like COVID

Both keep on giving grief.

GEICO, the auto and home insurer, reported being hacked in April. At the time, it said that the data breach was limited, which turns out to be not quite true.

The attackers obtained personally identifiable information (PII, in government-speak) for 132,000 customers. It turns out the attackers could leverage this information to obtain driver’s license numbers for these same customers.

Now this information is being used to create fraudulent applications for unemployment insurance. That opens a Pandora’s box almost beyond imagination:

  1. States will take financial hits for paying claims before they are discovered to be bogus.
  2. As states enhance their fraud detection procedures, legitimate applications may see delays in receiving benefits.
  3. Depending on how widespread fake claims are, this impact economic statistics that are used to determine Fed and Treasury economic policy. That may in fact already have happened.
  4. Taxes that you pay for unemployment insurance may increase to offset losses from fraud. (What, you think insurers carry insurance for this sort of thing?)
  5. Consumers may see tax bills in 2022 for money they never received. The crooks sure aren’t going to pay taxes on what they get.

How do you detect this? You may actually have to go through ALL of your mail, including some of the stuff you might have discarded as junk. You may have mail from the state unemployment office. (Emails will go to a fake account set up by the fraudsters.) If you’re ambitious, you might want to reach out to your state unemployment office to see if there is an account open in your name.

Do not assume that this scam is limited to GEICO customers. Companies are supposed to make customers aware of data breaches, but it’s not clear that all follow the rules. When they do report, they tend to understate the risk to their customers. The speed by which you learn that you’re a victim will minimize the amount of damage you sustain. Further, the bad guys can do more than just make unemployment claims with the information an insurer leaks.

Based on personal experience, you can learn about fraud even before fraud detection services or credit reporting agencies know about it. Which has led to some funny conversations:

ring!

“Good morning, Western Auto. This is Jackie, how may I help you?”

“Hi Jackie. Someone set up a fraudulent account in my name, using an address in South Carolina where I’ve never lived. With whom can I speak about this?”

“Say, what?”

— Based on a real conversation some years ago. The company had a 90-day deferred billing on purchases for new accounts, so had no clue they were being defrauded when I called.

Sources:

  1. https://www.insurancebusinessmag.com/us/news/cyber/geico-at-center-of-new-scam-255626.aspx?utm_source=GA&utm_medium=20210520&utm_campaign=IBAW-Newsletter-20210520&utm_content=623F0AA8-9B78-44C9-AB70-F65B8EB6DBD3&tu=623F0AA8-9B78-44C9-AB70-F65B8EB6DBD3

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.