The following incident sounds almost identical to the incident reported by American Family Insurance, but this report is from Noblr Reciprocal Exchange (Noblr). As with the one from American Family Insurance, if you receive a letter next week from Noblr, read it.
A letter signed by Jennifer Lawrence, their Chief Legal Officer, explains, but begins by noting:
Please note that you may be affected even if you have no relationship with Noblr if your information was used by the attackers in connection with this incident.
Noblr is an insurance reciprocal exchange that maintains a public-facing instant quote feature, which allows anyone to obtain a tailored insurance quote after entering basic personal information. This feature works by taking the information entered into our webform and using it to get additional information from an outside service provider, including driver’s license numbers, about the person whose information was entered. The system automatically gathers the additional information to improve the accuracy of the quote. This incident affected that additional information. Even if you do not have a relationship with Noblr, your information could have been affected if the attackers entered your information, or the information on someone in your household, into the quote platform.
What Happened
On January 21, 2021, Noblr’s web team noticed unusual quote activity consisting of a spike in unfinished quotes through its instant quote webpage. Noblr immediately launched an internal investigation. The initial investigation revealed that attackers may have initiated these quotes in order to steal driver’s license numbers which were inadvertently included in the page source code.
As described above, the instant quote process works by taking personal data (name and date of birth) entered into the system and matching it with related information automatically pulled from a third-party to help provide a quote. The attackers appear to have already been in possession of the names and dates of birth of consumers, and then used that information to obtain additional personal information through Noblr’s instant quote platform.
Attackers could also have gone through the entire quote process to access personal information in the final policy application documents provided after obtaining a quote.
On January 25, 2021, following the initial discovery of unusual quote activity, Noblr’s security team began blocking suspicious IP addresses. On January 27, 2021, when Noblr determined that the attackers were able to access driver’s license numbers, Noblr altered its instant quote system to prevent further access by the attackers and took other steps to combat these attacks.
Noblr will be notifying 97,633 consumers, beginning May 14.
The template of their notification letter appears below. Unlike American Family Insurance, their notification does not make any mention of unemployment fraud, but the similarities between these two breach reports are so evident, that it seems likely there is a link.
Noblr Notification Template