AMHERST, N.Y. (WKBW) — A Geico spokesperson confirmed with 7 News that MOVEit, an outside software program that Geico uses to transfer data to third-party vendors, was involved in a data breach. MOVEit told 7 News that the company disclosed the vulnerability on May 31, and deployed a patch the same day.
The letter above, which Geico shared with 7 News' Kristen Mirand, went to employees making them aware of 'security issues' and that the cybersecurity team is closely monitoring to see if any data from Geico was compromised.
The letter from Geico's Chief Information Security Officer suggests that employees freeze their credit. Geico confirmed this will not impact Geico customers.
Heather Dudziak said she worked for Geico and left the job about a month ago. She claims her information was hacked because the company has put cyber security on the back burner.
"My information, my daughter's information, my husband's information and my step-father's information was leaked due to this data breach," Dudziak said.
She said her social security number and her family's social security number were shared with the company for her health insurance which she believes was then obtained by hackers. She added that her former co-workers have told her others are experiencing the same thing.
"This is a violation of not only my security, my daughter, my husband, my stepdaughters and I just don't feel safe," she added.
How to protect yourself
Kyle Cavalieri, the president of Avalon Cyber, has years of experience in cybersecurity. Cavalieri said data breaches aren't going away anytime soon.
"So a lot of times what's happening is that they're collecting or harvesting this information and they're selling it on the dark web because it's valuable information," Cavalieri said.
Cavalieri said it's a lucrative business, so should you find your information was leaked, there are steps you can take. If your company username and password were hacked, change your password and set up multi-factor authentication.
"This creates an extra level of difficulty for the attacker to gain access to the account," he explained.
If your identity or social security number were stolen, he suggests credit monitoring.
"This just provides you with notifications when something changes on your credit," he said.
Cavalieri also suggested visiting the government's identity theft website if you suspect this is happening to you.