In the latest occurrences, the Geico organization had reportedly fallen prey to a cyber breach incident that lasted for months.

The Geico Data Breach:

The Geico organization, which stands for Government Employees Insurance Company, is an American auto insurance company that is the country’s second-largest auto insurer.

Detailing the data breach incident, Geico announced that malicious actors had gained unauthorized access to its customer accounts.

The timeline of the Geico data breach is reported to be from January 21st to March 1st.

The Role of Hacker Forums:

While it’s relatively alarming to note that the data breach went in for so long, Geico established that the company itself was not a victim of the cyber attack.

Instead, the malicious actors had reportedly utilized the credentials that were harvested or stolen from other sources, particularly hacking forums.

It is evident that this revelation is not a farce.

Time and again, it is observed that hacker forums that exist of the dark web marketplaces.

One can openly find such hacking forums swarming with user IDs, email addresses, and passwords that many have been leaked as a consequence of older data breaches or poor cybersecurity practices.

Also read,

It is commonly observed that hackers and malicious actors routinely implement password re-use since it yields them better hacking success rates as a result of users mostly using their old passwords for a majority of accounts.

Ongoing Analysis:

Geico has also noted that the unauthorized party had gained access to very limited data and that only license numbers were accessed and is still investigating the matter.

However, Geico is yet to determine whether the stolen license numbers have been put to any malicious activities or ill-use, as of now. 

To help protect victims of the data breach, the company has offered a year of identity protection and full restoration services through Massachusetts-based IdentityForce.