(Reuters) – The New York Attorney General’s office fined car insurance company Geico $9.75 million on Monday for hacks that obtained personal information on 116,000 drivers in the state.
The attorney general and state Department of Financial Services said Geico and Travelers Indemnity Company violated state data protection rules by failing to implement policies that would protect customers’ information.
Both companies were hacked during the COVID-19 pandemic, amid a wave of cyberattacks seeking information such as drivers license numbers for use in fraudulent unemployment claims, the agencies said.
Travelers will pay $1.55 million for a breach that exposed information on around 4,000 people, the agencies said.
The two companies agreed to take measures to improve their cybersecurity practices.
(Reporting by Jody Godoy in New York; Editing by Chizu Nomiyama)