Cyber criminals are stealing data from websites that provide instant insurance quotes, the New York State Department of Financial Services (DFS) is warning.
The regulator issued a cybersecurity alert to the financial industry warning about “a systemic and aggressive campaign to exploit cybersecurity flaws in public-facing websites” to steal consumers’ private information from sites that transmit or display redacted client information.
The DFS said that it has received reports from several firms about data theft from websites that provide instant quotes for products such as insurance. The objective of these thefts, the DFS said, is to use the stolen data to fraudulently apply for pandemic and unemployment benefits.
The alert calls on all regulated firms with instant quote websites to “immediately review those websites for evidence of hacking.”
“Cyber criminals are creative and tenacious, and continue to look for new ways to exploit us during an already vulnerable time,” said Linda Lacewell, superintendent of financial services.
The regulator’s alert details the techniques cybercriminals are using and recommends measures to better protect consumer data.
“DFS expects the industry to protect consumer data by addressing cybersecurity risks in everything they do,” Lacewell said.