← All articles

AssuranceAmerica breach exposes driver's license data of 6.9 million people

US auto insurer AssuranceAmerica has confirmed a breach affecting nearly 6.9 million people, the largest known exposure of Americans' driver's license data this year. The company detected the intrusion on March 17 after attackers compromised a single employee's credentials the day before and copied data files, but a lengthy review of the files was not finished until June 15, delaying notifications until now. The stolen data includes names, contact details, driver's license numbers, auto insurance policy and claims information, and, for some people, Social Security numbers. AssuranceAmerica has not detailed how the employee's credentials were taken, though such incidents are often tied to phishing or credential-stealing malware.

Check
People insured by AssuranceAmerica should watch for a breach notification, monitor bank and credit accounts and credit reports for fraud, and be wary of messages referencing their policy or claims.
Affected
Roughly 6.9 million AssuranceAmerica customers whose driver's license numbers, contact details, and insurance information were exposed, along with Social Security numbers for some; the data enables identity theft and convincing targeted phishing.
Fix
Affected people should consider a credit freeze given exposed license and Social Security numbers, monitor financial accounts, and treat insurance-themed messages cautiously. Organizations should enforce phishing-resistant MFA on employee accounts.