Major US car insurer Geico has sent a letter to policy holders to tell them of a hack which exposed their driver’s licence number to cyber-attackers.

“We have reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name,” wrote the company, which has more than 17m policies and insures more than 28m vehicles.

“If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed.”

The letter is copied in a data breach notification which the company has filed with the California Attorney General’s office.

In it Geico says it has recently determined that between 21 January and 1 March fraudsters used information about customers, which they had acquired elsewhere, to obtain unauthorised access to their licence number through the company’s online sales system. No other information was obtained.

In response, Geico secured the affected website, worked to identify the root cause of the incident and implemented security enhancements to help prevent future fraud and illegal activities.

The Maryland-headquartered company apologised for any concern caused and is offering a free one-year subscription to an identity protection service to affected policy holders.

Register to receive the latest cyber security news and analysis straight to your inbox