Geico and Travelers have been fined a combined total of $11.3 million by the state of New York. These fines, a $9.75 million settlement with Geico and a $1.55 million settlement with Travelers, were the result of data breaches affecting over 120,000 New York residents. In both cases, it was determined that lapses in the organizations' cybersecurity postures contributed to the theft of the data.

Anne Cutler, Cybersecurity Evangelist at Keeper Security, comments, “The settlements with Geico and Travelers highlight how cybersecurity lapses can lead to real-world consequences for both organizations and the individuals whose data they are entrusted to protect. In both instances, attackers exploited known weaknesses — whether through the lack of Multi-Factor Authentication (MFA) or vulnerabilities in quoting tools — resulting in breaches that could have been mitigated with relatively standard security measures.

“These cases reflect a broader challenge many companies are facing: how to stay ahead of sophisticated cyber threats while balancing operational and financial priorities. However, the stakes are simply too high to treat cybersecurity as an afterthought. Regulatory penalties like these emphasize the importance of proactive measures — not only to comply with laws but to safeguard trust and meet the ethical obligations of managing sensitive data. Companies must regularly audit their data to ensure compliance and minimize unnecessary data retention to reduce the risk of exposure.

“Basic practices such as password management, MFA, encrypting sensitive information and deploying a threat detection system are essential. Routine patch management, frequent security audits and ongoing employee training further reduce vulnerabilities. Organizations handling sensitive information should also consider adopting a zero-trust framework and Privileged Access Management (PAM). These strategies help limit the impact of breaches and prevent unauthorized lateral movement within networks, enhancing overall security posture.”

Venky Raju, Field CTO at ColorTokens, adds, "The lack of strong consumer privacy protections in the United States certainly disincentivizes cybersecurity investments. The fines paid out by breached businesses in recent months have been in the range of $10-100 per consumer, with the individual user getting at best free credit monitoring for a year. It will take more significant per-user penalties for businesses to prioritize cybersecurity investments for data breach prevention and reporting.

"It should be noted that cybersecurity investments are increasing every year. However, the fact that data breaches are also increasing suggests that the products and solutions being deployed are not effective and we need to find better ways to make the enterprise breach ready. Businesses must immediately adopt a zero trust architecture and start implementing technologies like ZTNA, microsegmentation and passwordless authentication. These are software defined technologies that are relatively inexpensive, easy to deploy, and bring immediate risk reduction."