Insurance provider AssuranceAmerica has confirmed a data breach affecting the personal information and driver’s license numbers of up to 6.9 million people.
AssuranceAmerica provides car and rental insurance to customers across 14 US states through a network of over 9,500 independent agents.
TechCrunch reports:
“AssuranceAmerica said it discovered hackers in its computer systems on March 17. The company concluded its investigation on June 15, finding that the hackers had stolen customers’ names, contact information, and driver’s license numbers.“
The breach notice letter also mentions information about customers’ auto insurance policies and accounts, their drivers and vehicles, and details about customer claims.
AssuranceAmerica has not yet released a public statement about the data breach. However, public breach notices and independent reporting indicate that the incident began with a targeted phishing attack against a single employee. An unauthorized third party accessed parts of the insurer’s IT systems and copied files containing customer policy information and driver’s license numbers. So far, no law‑enforcement or vendor report has publicly linked this activity to a specific threat group, ransomware operation, or nation‑state actor.
No public source has reported a ransom demand, negotiations, or payment, and AssuranceAmerica’s public filings are quiet about any contact with the attackers.
Protecting yourself after a data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
- Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice they offer.
- Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose and store one for you.
- Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop, or phone as your second factor. Some forms of 2FA can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
- Watch out for impersonation scams. Criminals may contact you pretending to be the company. Check the company’s website to see how it is contacting affected customers, and verify anyone who contacts you using a different communication channel.
- Take your time. Phishing attacks often impersonate people or brands you know, and create a false sense of urgency with messages about missed deliveries, suspended accounts, or security alerts.
- Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
- Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online and helps you recover if your identity is stolen.
Check your personal data exposure
You can check whether any of your personal information has been exposed using our Digital Footprint portal. Enter the email address you use most often and we’ll generate a free Digital Footprint report.
Please enter a valid email address