(Reuters) -The New York Attorney General's office fined car insurance company Geico $9.75 million on Monday for hacks that obtained personal information on 116,000 drivers in the state.

The attorney general and state Department of Financial Services said Geico and Travelers (NYSE: TRV ) Indemnity Company violated state data protection rules by failing to implement policies that would protect customers' information.

Both companies were hacked during the COVID-19 pandemic, amid a wave of cyberattacks seeking information such as drivers license numbers for use in fraudulent unemployment claims, the agencies said.

Travelers will pay $1.55 million for a breach that exposed information on around 4,000 people, the agencies said.

The two companies agreed to take measures to improve their cybersecurity practices.

A Geico spokesperson said the company reported the breach to the state and that it has since put significant resources towards further strengthening its cybersecurity.

A spokesperson for Travelers did not immediately reply to a request for comment.