AssuranceAmerica Confirms Massive Data Breach Affecting 6.9 Million Americans
U.S. insurance provider AssuranceAmerica has disclosed a data breach impacting 6.9 million people, marking the largest known exposure of Americans’ driver’s license information this year. The company, which offers car and rental insurance across over a dozen states, confirmed that hackers accessed sensitive customer data, including names, contact details, and driver’s license numbers information that could be exploited for fraud and impersonation.
The breach was detected on March 17, with the investigation concluding on June 15. In addition to personal data, the attackers stole auto insurance policy details, vehicle and driver information, and customer claim records. While AssuranceAmerica did not specify all compromised data types, it revealed that the hackers targeted an employee, later disabling the compromised credentials. The method of credential theft remains unclear, though similar incidents have involved password-stealing malware or vulnerable software.
AssuranceAmerica did not respond to inquiries about whether it engaged with the hackers or paid a ransom. The breach was officially listed with the Indiana attorney general’s office, with notification letters set to be sent to affected individuals on July 10. A separate filing with the Maine attorney general’s office confirmed the same figure of 6.99 million impacted people, though Maine’s breach portal is currently offline following a fraudulent disclosure last month.
This incident follows a string of recent breaches exposing driver’s licenses and identity documents, including a June breach of Texas state systems that compromised 3 million driver’s license and passport numbers. Other high-profile leaks have involved hotel check-in systems, money transfer apps, and government services, highlighting growing risks as more platforms require identity verification under new age-restriction laws.
AssuranceAmerica cybersecurity rating report: https://www.rankiteo.com/company/assuranceamerica
"id": "ASS1783528227",
"linkid": "assuranceamerica",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '6.9 million',
'industry': 'Insurance',
'location': 'United States',
'name': 'AssuranceAmerica',
'type': 'Insurance Provider'}],
'attack_vector': 'Compromised employee credentials',
'customer_advisories': 'Notification letters sent on July 10, 2024',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '6.9 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Contact details',
'Driver’s license numbers',
'Auto insurance policy details',
'Vehicle and driver information',
'Customer claim records']},
'date_detected': '2024-03-17',
'date_publicly_disclosed': '2024-07-10',
'date_resolved': '2024-06-15',
'description': 'U.S. insurance provider AssuranceAmerica disclosed a data '
'breach impacting 6.9 million people, marking the largest '
'known exposure of Americans’ driver’s license information '
'this year. Hackers accessed sensitive customer data, '
'including names, contact details, and driver’s license '
'numbers, which could be exploited for fraud and '
'impersonation. The breach also involved auto insurance policy '
'details, vehicle and driver information, and customer claim '
'records.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Names, contact details, driver’s license '
'numbers, auto insurance policy details, '
'vehicle and driver information, customer '
'claim records',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential'},
'initial_access_broker': {'entry_point': 'Compromised employee credentials'},
'investigation_status': 'Concluded',
'motivation': 'Fraud and impersonation',
'post_incident_analysis': {'root_causes': 'Compromised employee credentials '
'(potentially via password-stealing '
'malware or vulnerable software)'},
'references': [{'source': 'Indiana attorney general’s office'},
{'source': 'Maine attorney general’s office'}],
'regulatory_compliance': {'regulatory_notifications': ['Indiana attorney '
'general’s office',
'Maine attorney '
'general’s office']},
'response': {'communication_strategy': 'Notification letters sent to affected '
'individuals',
'containment_measures': 'Disabled compromised credentials'},
'title': 'AssuranceAmerica Data Breach Affecting 6.9 Million Americans',
'type': 'Data Breach'}