NYDFS Alerts Insurance Industry on Cyber Threats to Auto Quote Functions

Locke Lord LLP

The New York Department of Financial Services (NYDFS) has now released a pair of alerts on the increase in cyberattacks on public-facing insurance websites that provide instant quoting services to customers. If you provide instant online quoting through your website, it is imperative that you review your system's security and the methods you use to provide instant quotes. A few simple steps could mitigate or outright prevent many of the common consequences of these attacks.

As described by the NYDFS, the cyberattacks typically use a mix of credential stuffing and misuse of website debugging tools to steal personal identifiers that the online quoting process may return to the person requesting a quote. For example, the quoting tool may request an individual's name along with another identifier and then autofill other potentially sensitive identifiers. The attackers mass-query online quoting tools using known name and identifier combinations in order to obtain new valid combinations of identifiers.

Remediation can be simple. Disabling the autofill systems for many online quoting tools will temporarily solve the problem and mitigate the ongoing risk. For more permanent solutions that would still permit autofill features, the NYDFS recommends a number of options, including web application firewalls, CAPTCHA, and limiting access to online portals.
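One way to spot the mass-querying pattern described above in quote-endpoint logs, as an added example that is not part of the NYDFS alerts or this update. The log format, the hashed applicant key, the addresses and the thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format): ISO timestamp, client IP, applicant key.
# The applicant key stands for a keyed hash of name + identifier, so the log
# itself never stores the raw values.
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.20 k01
2024-01-01T10:00:05 203.0.113.7 k10
2024-01-01T10:00:09 203.0.113.7 k11
2024-01-01T10:00:14 203.0.113.7 k12
2024-01-01T10:00:20 203.0.113.7 k13
2024-01-01T10:00:26 203.0.113.7 k14
2024-01-01T10:01:00 198.51.100.20 k01
2024-01-01T10:02:00 192.0.2.50 k20
2024-01-01T10:02:30 198.51.100.20 k01
2024-01-01T10:22:00 192.0.2.50 k21
2024-01-01T10:42:00 192.0.2.50 k22
2024-01-01T11:02:00 192.0.2.50 k23
"""

def flag_mass_query(lines, window=timedelta(minutes=5), max_distinct=3):
    """Return {ip: time of first breach} for clients that request quotes for
    more than max_distinct different applicants inside one sliding window."""
    recent = defaultdict(deque)   # ip -> (timestamp, applicant key) still in window
    flagged = {}
    for line in lines:            # lines are assumed to be in time order
        parts = line.split()
        if len(parts) != 3:
            continue              # blank or malformed line
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue              # unparseable timestamp
        ip, key = parts[1], parts[2]
        q = recent[ip]
        q.append((ts, key))
        while ts - q[0][0] > window:
            q.popleft()           # drop requests older than the window
        # Repeat quotes for the same applicant do not count; new applicants do.
        if ip not in flagged and len({k for _, k in q}) > max_distinct:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, ts in flag_mass_query(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} exceeded the distinct-applicant threshold at {ts.isoformat()}")
```

Counting distinct applicants rather than raw requests keeps a customer who re-quotes the same details several times below the threshold. Keying on client IP is only one signal; a session or device identifier can be substituted where requests arrive from many addresses.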

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Locke Lord LLP | Attorney Advertising
