A threat actor identified as ‘wangfei19860902055’ recently advertised the sale of a database related to Government Employees Insurance Company (GEICO) on a popular dark web forum. The alleged GEICO data breach incident came to light on January 14, 2024, when the threat actor posted details on the Nuovo BreachForums.
According to the information obtained, the compromised database contains 552,900 records with various personal information fields such as first name, last name, phone number, address, city, and state. The Cyber Express has attempted to contact GEICO for a statement regarding this alleged data breach. However, as of now, there has been no official response from the company, leaving the claims unconfirmed from the company’s perspective.
The threat actor posted claims of the dark web first. The alleged GEICO data leak post reads, “GEICO Private Automobile Insurance Company of America, total 552,900 entries, de-focused, all screened open WS First-hand data, see screenshot below for formatting. Sold as a whole, not split, for data security reasons. Samples are as follows.”
Moreover, this is not the first time GEICO has faced a cybersecurity incident. In August 2023, the company encountered a nationwide class action lawsuit, accusing it of compromising customer privacy through the unauthorized release of driver’s license numbers. These released numbers were later exploited by identity thieves to secure fraudulent unemployment benefits.
The lawsuit, proceeding in the US District Court, alleges that GEICO’s practice of auto-populating driver’s license numbers during the online insurance quote process enabled criminals to breach the system between November 24, 2020, and March 1, 2021. This GEICO data breach resulted in the fraudulent application for unemployment benefits under victims’ names.
Despite the ongoing legal battle, GEICO is now facing another potential data breach, raising concerns about the company’s cybersecurity measures. It’s important to note that while the previous incident involved the release of driver’s license numbers, there is no evidence suggesting a direct correlation between the two incidents.
US District Judge Kiyo Matsumoto, who presided over the previous lawsuit, emphasized that it would be premature to dismiss GEICO’s responsibility for the plaintiffs’ injuries. The decision was based on the understanding that the data theft was part of a larger “concerted campaign by fraudsters” targeting the online quotation systems of insurance companies.
As the situation unfolds, it remains unclear whether the current data breach is linked to previous incidents. This is an ongoing story, and further updates will be provided as more information becomes available or upon any official confirmation from GEICO.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
A new paper gives an insider’s perspective into CISA’s Known Exploited Vulnerability catalog – and also offers a free tool…
The Cyber Express weekly roundup examines cyberattacks, AI misuse, data leaks, and regulatory pressure defining cybersecurity in early 2026.
This Spain Ministry of Science cyberattack incident does not exist in isolation.
The La Sapienza cyberattack shut down systems at Italy’s largest university, with reports linking the incident to BabLock malware and…
Trusted Access for Cyber is OpenAI’s new framework to expand secure use of GPT-5.3-Codex and ChatGPT for vetted cyber defenders.
Mitigating risk from End-of-Support edge devices is no longer about compliance, it’s about survival.
This website uses cookies. By continuing to use this website you are giving consent to cookies being used.
Read More