DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Noblr Reciprocal Exchange to notify 97,633 consumers of breach involving insurance quote platform

Posted on May 8, 2021December 19, 2024 by Dissent

The following incident sounds almost identical to the  incident reported by American Family Insurance, but this report is from Noblr Reciprocal Exchange (Noblr). As with the one from American Family Insurance, if you receive a letter next week from Noblr, read it.

Car illustration

A letter signed by Jennifer Lawrence, their Chief Legal Officer, explains, but begins by noting:

Please note that you may be affected even if you have no relationship with Noblr if your information was used by the attackers in connection with this incident.

Noblr is an insurance reciprocal exchange that maintains a public-facing instant quote feature, which allows anyone to obtain a tailored insurance quote after entering basic personal information. This feature works by taking the information entered into our webform and using it to get additional information from an outside service provider, including driver’s license numbers, about the person whose information was entered. The system automatically gathers the additional information to improve the accuracy of the quote. This incident affected that additional information. Even if you do not have a relationship with Noblr, your information could have been affected if the attackers entered your information, or the information on someone in your household, into the quote platform.

What Happened

On January 21, 2021, Noblr’s web team noticed unusual quote activity consisting of a spike in unfinished quotes through its instant quote webpage. Noblr immediately launched an internal investigation. The initial investigation revealed that attackers may have initiated these quotes in order to steal driver’s license numbers which were inadvertently included in the page source code.

As described above, the instant quote process works by taking personal data (name and date of birth) entered into the system and matching it with related information automatically pulled from a third-party to help provide a quote. The attackers appear to have already been in possession of the names and dates of birth of consumers, and then used that information to obtain additional personal information through Noblr’s instant quote platform.

Attackers could also have gone through the entire quote process to access personal information in the final policy application documents provided after obtaining a quote.

On January 25, 2021, following the initial discovery of unusual quote activity, Noblr’s security team began blocking suspicious IP addresses. On January 27, 2021, when Noblr determined that the attackers were able to access driver’s license numbers, Noblr altered its instant quote system to prevent further access by the attackers and took other steps to combat these attacks.

Noblr will be notifying  97,633 consumers, beginning May 14.

The template of their notification letter appears below. Unlike American Family Insurance, their notification does not make any mention of unemployment fraud, but the similarities between these two breach reports are so evident, that it seems likely there is a link.

Noblr Notification Template
Category: Business SectorHackOf NoteU.S.

Post navigation

← American Family Insurance to notify 283,734 of breach linked to unemployment benefits fraud
Tulsa, Oklahoma and Rensselaer Polytechnic Institute disclose ransomware incidents →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
  • Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
  • Vanta bug exposed customers’ data to other customers
  • Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques
  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.