(Reuters) – The New York Attorney General’s office fined car insurance company Geico $9.75 million on Monday for hacks that obtained personal information on 116,000 drivers in the state.
The attorney general and state Department of Financial Services said Geico and Travelers (NYSE:) Indemnity Company violated state data protection rules by failing to implement policies that would protect customers’ information.
Both companies were hacked during the COVID-19 pandemic, amid a wave of cyberattacks seeking information such as drivers license numbers for use in fraudulent unemployment claims, the agencies said.
Travelers will pay $1.55 million for a breach that exposed information on around 4,000 people, the agencies said.
The two companies agreed to take measures to improve their cybersecurity practices.
