Threat actors are stealing information by taking advantage of the application design and code of websites that provide instant quotes for auto insurance rates. This personal information theft was first announced on Feb. 16 and is ongoing. The New York Department of Financial Services (NYDFS) received reports of two new attack techniques. In the first, threat actors used web tools to steal private personal information. They used credential stuffing to gain access to insurance agents accounts to enter the web portals of instant quote websites. From there, they made API calls to data service providers.”]
Source: https://securityintelligence.com/news/personal-information-theft-car-insurance-quotes/