ACSC Data Breach Exposes Sensitive Driver Information via Third-Party Vendor
A data breach at the Automobile Club of Southern California (ACSC), also known as AAA SoCal, has exposed sensitive personally identifiable information (PII) of an unknown number of individuals. The breach, linked to a third-party vendor, DanubeNet Inc. (Driving School Solutions), compromised data including names and driver’s permit/license numbers.
ACSC, a major affiliate of the American Automobile Association (AAA) founded in 1900, provides services such as emergency road assistance, insurance, and travel planning. The incident was disclosed to the Massachusetts Attorney General on March 9, 2026, with at least six individuals in Massachusetts confirmed as affected. The full scope of the breach, including the total number of impacted individuals across other states, remains under investigation.
Legal firm Shamis & Gentile P.A. is currently reviewing potential compensation claims for those affected. The breach highlights risks associated with third-party vendor vulnerabilities in handling sensitive data.
Source: https://www.claimdepot.com/investigations/aaa-data-breach-2026
AAA Auto Club Enterprises cybersecurity rating report: https://www.rankiteo.com/company/aaa-auto-club-enterprises
"id": "AAA1773167837",
"linkid": "aaa-auto-club-enterprises",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (at least six '
'individuals in Massachusetts '
'confirmed)',
'industry': 'Automotive Services, Insurance, Travel '
'Planning',
'location': 'Southern California, USA',
'name': 'Automobile Club of Southern California (ACSC) '
'/ AAA SoCal',
'type': 'Organization'},
{'industry': 'Driving School Solutions',
'name': 'DanubeNet Inc. (Driving School Solutions)',
'type': 'Third-Party Vendor'}],
'attack_vector': 'Third-Party Vendor Compromise',
'data_breach': {'personally_identifiable_information': 'Names, driver’s '
'permit/license '
'numbers',
'sensitivity_of_data': 'High (driver’s permit/license '
'numbers, names)',
'type_of_data_compromised': 'Personally identifiable '
'information (PII)'},
'date_publicly_disclosed': '2026-03-09',
'description': 'A data breach at the Automobile Club of Southern California '
'(ACSC), also known as AAA SoCal, has exposed sensitive '
'personally identifiable information (PII) of an unknown '
'number of individuals. The breach, linked to a third-party '
'vendor, DanubeNet Inc. (Driving School Solutions), '
'compromised data including names and driver’s permit/license '
'numbers.',
'impact': {'brand_reputation_impact': 'Potential brand reputation damage due '
'to third-party vendor breach',
'data_compromised': 'Personally identifiable information (PII), '
'including names and driver’s permit/license '
'numbers',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential legal actions and compensation '
'claims'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Highlights risks associated with third-party vendor '
'vulnerabilities in handling sensitive data',
'post_incident_analysis': {'root_causes': 'Third-party vendor compromise '
'(DanubeNet Inc.)'},
'references': [{'source': 'Massachusetts Attorney General'}],
'regulatory_compliance': {'legal_actions': 'Potential compensation claims '
'being reviewed',
'regulatory_notifications': 'Disclosed to '
'Massachusetts Attorney '
'General'},
'response': {'communication_strategy': 'Disclosure to Massachusetts Attorney '
'General',
'third_party_assistance': 'Legal firm Shamis & Gentile P.A. '
'reviewing compensation claims'},
'title': 'ACSC Data Breach Exposes Sensitive Driver Information via '
'Third-Party Vendor',
'type': 'Data Breach'}