Hackers exploited vulnerabilities in an online quote tool used by Progressive Corporation (and other auto insurers) to steal driver’s license numbers and other personal information of over **825,000 New York residents**. The stolen data was subsequently used to file **fraudulent unemployment claims** during the COVID-19 pandemic, leading to financial losses and reputational damage. The breach resulted from inadequate security measures, prompting New York’s Attorney General to impose a **$14.2 million settlement** (part of a larger $20.79 million recovery from 10 insurers). The incident highlights systemic failures in safeguarding sensitive customer data, exposing victims to identity theft and financial fraud. While no direct ransomware was involved, the exploitation of vulnerabilities enabled large-scale data theft with tangible financial consequences for affected individuals and the company.
TPRM report: https://www.rankiteo.com/company/progressive-insurance
"id": "pro3292632101525",
"linkid": "progressive-insurance",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '825,000+ residents',
                        'industry': 'insurance',
                        'location': 'New York State, USA',
                        'type': 'auto insurance companies'}],
 'attack_vector': ['exploitation of quote tool vulnerabilities',
                   'unauthorized access'],
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '825,000+',
                 'personally_identifiable_information': 'Yes (driver’s license '
                                                        'numbers)',
                 'sensitivity_of_data': 'High (personally identifiable '
                                        'information)',
                 'type_of_data_compromised': ['driver’s license numbers']},
 'date_publicly_disclosed': '2023-11-07T00:00:00Z',
 'description': 'Hackers exploited vulnerabilities in quote tools used by auto '
                'insurance companies to steal driver’s license numbers. Some '
                'of the stolen data was used to file fraudulent unemployment '
                'claims during the COVID-19 pandemic. New York State Attorney '
                'General Letitia James secured $14.2 million in settlements '
                'from eight companies, bringing the total recovered to $20.79 '
                'million from 10 insurers for data security failures.',
 'impact': {'brand_reputation_impact': 'High (due to fraudulent use of stolen '
                                       'data and regulatory action)',
            'data_compromised': ['driver’s license numbers'],
            'financial_loss': '$14.2 million (settlements from 8 companies); '
                              '$20.79 million total from 10 insurers',
            'identity_theft_risk': 'High (driver’s license numbers used for '
                                   'fraudulent unemployment claims)',
            'legal_liabilities': '$14.2 million in settlements (8 companies); '
                                 '$20.79 million total (10 insurers)',
            'systems_affected': ['online quote tools']},
 'initial_access_broker': {'entry_point': 'Vulnerabilities in quote tools',
                           'high_value_targets': ['driver’s license numbers']},
 'investigation_status': 'Completed (settlements reached)',
 'motivation': ['financial gain', 'fraud (unemployment claims)'],
 'post_incident_analysis': {'root_causes': ['Inadequate security measures in '
                                            'online quote tools']},
 'references': [{'date_accessed': '2023-11-07',
                 'source': 'New York State Attorney General Press Release'}],
 'regulatory_compliance': {'fines_imposed': '$14.2 million (8 companies); '
                                            '$20.79 million total (10 '
                                            'insurers)',
                           'legal_actions': 'Settlements secured by New York '
                                            'State Attorney General',
                           'regulations_violated': ['New York State data '
                                                    'protection laws '
                                                    '(implied)'],
                           'regulatory_notifications': 'Yes (public disclosure '
                                                       'by Attorney General’s '
                                                       'office)'},
 'response': {'law_enforcement_notified': 'Yes (New York State Attorney '
                                          'General’s office investigation)'},
 'title': 'Auto Insurance Companies Data Breach Leading to Fraudulent '
          'Unemployment Claims',
 'type': ['data breach', 'identity theft', 'fraud'],
 'vulnerability_exploited': 'Vulnerabilities in online quote tools'}