DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Noblr Reciprocal Exchange to notify 97,633 consumers of breach involving insurance quote platform

Posted on May 8, 2021December 19, 2024 by Dissent

The following incident sounds almost identical to the  incident reported by American Family Insurance, but this report is from Noblr Reciprocal Exchange (Noblr). As with the one from American Family Insurance, if you receive a letter next week from Noblr, read it.

Car illustration

A letter signed by Jennifer Lawrence, their Chief Legal Officer, explains, but begins by noting:

Please note that you may be affected even if you have no relationship with Noblr if your information was used by the attackers in connection with this incident.

Noblr is an insurance reciprocal exchange that maintains a public-facing instant quote feature, which allows anyone to obtain a tailored insurance quote after entering basic personal information. This feature works by taking the information entered into our webform and using it to get additional information from an outside service provider, including driver’s license numbers, about the person whose information was entered. The system automatically gathers the additional information to improve the accuracy of the quote. This incident affected that additional information. Even if you do not have a relationship with Noblr, your information could have been affected if the attackers entered your information, or the information on someone in your household, into the quote platform.

What Happened

On January 21, 2021, Noblr’s web team noticed unusual quote activity consisting of a spike in unfinished quotes through its instant quote webpage. Noblr immediately launched an internal investigation. The initial investigation revealed that attackers may have initiated these quotes in order to steal driver’s license numbers which were inadvertently included in the page source code.

As described above, the instant quote process works by taking personal data (name and date of birth) entered into the system and matching it with related information automatically pulled from a third-party to help provide a quote. The attackers appear to have already been in possession of the names and dates of birth of consumers, and then used that information to obtain additional personal information through Noblr’s instant quote platform.

Attackers could also have gone through the entire quote process to access personal information in the final policy application documents provided after obtaining a quote.

On January 25, 2021, following the initial discovery of unusual quote activity, Noblr’s security team began blocking suspicious IP addresses. On January 27, 2021, when Noblr determined that the attackers were able to access driver’s license numbers, Noblr altered its instant quote system to prevent further access by the attackers and took other steps to combat these attacks.

Noblr will be notifying  97,633 consumers, beginning May 14.

The template of their notification letter appears below. Unlike American Family Insurance, their notification does not make any mention of unemployment fraud, but the similarities between these two breach reports are so evident, that it seems likely there is a link.

Noblr Notification Template
Category: Business SectorHackOf NoteU.S.

Post navigation

← American Family Insurance to notify 283,734 of breach linked to unemployment benefits fraud
Tulsa, Oklahoma and Rensselaer Polytechnic Institute disclose ransomware incidents →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.