AAA Driver Training School Data Breach Exposes Personal Information of Over 25,000 Massachusetts Residents
AAA Driver Training School, Inc. (DTS), a prominent driver education provider in the Northeast, disclosed a data breach affecting thousands of students in Massachusetts. The incident stemmed from unauthorized access to a third-party vendor’s systems in late December 2025, which stored sensitive student data.
The vendor, whose identity remains undisclosed, detected and terminated the breach, but not before exposing personal information, including names, contact details, dates of birth, and driver permit or license numbers. The breach was confined to a single vendor system, with no other DTS or AAA Northeast data compromised.
On March 5, 2026, DTS filed a disclosure with the Massachusetts Office of Consumer Affairs and Business Regulation, confirming that 25,247 state residents were impacted. The total number of affected individuals nationwide has not been released.
In response, DTS is offering 12 months of complimentary Experian IdentityWorks credit monitoring and identity theft protection to affected individuals. The service includes credit monitoring, identity restoration support, and up to $1 million in identity theft insurance. Minors are eligible for Experian’s MinorPlus program. Enrollment requires an activation code provided in notification letters sent to impacted parties.
Source: https://www.claimdepot.com/data-breach/aaa-driver-training-school-2026
AAA Driving School cybersecurity rating report: https://www.rankiteo.com/company/aaa-driving-school
"id": "AAA1772749675",
"linkid": "aaa-driving-school",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '25,247 Massachusetts residents',
'industry': 'Education',
'location': 'Northeast, USA',
'name': 'AAA Driver Training School, Inc. (DTS)',
'type': 'Driver education provider'}],
'attack_vector': 'Third-party vendor compromise',
'customer_advisories': 'Notification letters sent to affected individuals '
'with activation codes for credit monitoring',
'data_breach': {'number_of_records_exposed': '25,247 (Massachusetts '
'residents)',
'personally_identifiable_information': 'Names, contact '
'details, dates of '
'birth, driver '
'permit/license '
'numbers',
'sensitivity_of_data': 'High (PII including driver '
'permit/license numbers)',
'type_of_data_compromised': 'Personal information'},
'date_detected': '2025-12-01',
'date_publicly_disclosed': '2026-03-05',
'description': 'AAA Driver Training School, Inc. (DTS) disclosed a data '
'breach affecting thousands of students in Massachusetts. The '
'incident stemmed from unauthorized access to a third-party '
'vendor’s systems in late December 2025, which stored '
'sensitive student data. The breach exposed personal '
'information, including names, contact details, dates of '
'birth, and driver permit or license numbers.',
'impact': {'data_compromised': 'Personal information (names, contact details, '
'dates of birth, driver permit/license '
'numbers)',
'identity_theft_risk': 'High',
'systems_affected': 'Third-party vendor system'},
'post_incident_analysis': {'root_causes': 'Unauthorized access to third-party '
'vendor system'},
'references': [{'source': 'Massachusetts Office of Consumer Affairs and '
'Business Regulation'}],
'regulatory_compliance': {'regulatory_notifications': 'Filed disclosure with '
'Massachusetts Office '
'of Consumer Affairs '
'and Business '
'Regulation'},
'response': {'communication_strategy': 'Filed disclosure with Massachusetts '
'Office of Consumer Affairs and '
'Business Regulation; sent '
'notification letters to affected '
'individuals',
'containment_measures': 'Breach detected and terminated by '
'vendor',
'remediation_measures': 'Offering 12 months of complimentary '
'Experian IdentityWorks credit '
'monitoring and identity theft '
'protection'},
'title': 'AAA Driver Training School Data Breach Exposes Personal Information '
'of Over 25,000 Massachusetts Residents',
'type': 'Data Breach'}