© Reuters. FILE PHOTO: Shareholders shop for discounted insurance policies at the Geico booth at the annual Berkshire Hathaway shareholder meeting in Omaha, Nebraska, U.S., May 4, 2019. REUTERS/Scott Morgan/File Photo
By Jonathan Stempel
NEW YORK (Reuters) – Geico must face a proposed nationwide class action accusing the car insurer of violating customers’ privacy by disclosing hundreds of thousands of driver’s license numbers to identity thieves looking to collect fraudulent unemployment benefits.
In a decision on Monday, U.S. District Judge Kiyo Matsumoto in Brooklyn accepted a magistrate judge’s recommendation that Geico defend against claims it owed damages for negligence and for violating the federal Driver’s Privacy Protection Act.
Geico, a unit of billionaire Warren Buffett’s Berkshire Hathaway (NYSE:), was accused of auto-populating driver’s license numbers into its online system when users entered “basic” information such as names, addresses and birth dates in order to obtain insurance quotations.
According to the lawsuit, this “quickly caught the attention” of criminals who breached Geico’s system between Nov. 24, 2020 and March 1, 2021, and used the license numbers to fraudulently apply for unemployment benefits under victims’ names.
The plaintiffs said Geico’s failure to safeguard their data exposed them to greater risk of fraud, and forced them to spend more time monitoring their bank accounts and credit.
Matsumoto said it was premature to accept Geico’s claim that it could not be the “proximate cause” of the plaintiffs’ alleged injuries, because the theft had been merely one component of a “concerted campaign by fraudsters” targeting insurers’ online quotation platforms.
Kristen Wenger, a lawyer for Geico, declined to comment. Lawyers for the plaintiffs did not immediately respond to requests for comment.
Matsumoto accepted a July 21 recommendation by U.S. Magistrate Judge Sanket Bulsara to let the lawsuit proceed.
She also accepted his recommendation to dismiss claims that Geico violated a New York state consumer protection law and committed negligence “per se.”
The case is In re Geico Customer Data Breach Litigation, U.S. District Court, Eastern District of New York, No. 21-02210.
Read the full article here