Insurance company AssuranceAmerica exposes 6.9 million drivers following major data breach — here’s what we know

insurance-company-assuranceamerica-exposes-6.9-million-drivers-following-major-data-breach-—-here’s-what-we-know
Insurance company AssuranceAmerica exposes 6.9 million drivers following major data breach — here’s what we know
A hand about to touch a phone. Superimposed on top of it is a pink triangle with exclamation mark inside it. Behind it is a computer display with code on it
(Image credit: Getty Images)

  • AssuranceAmerica reports breach affecting 6,998,886 customers, with attackers stealing credentials and exfiltrating sensitive insurance and driver data
  • Company reset passwords, isolated systems, and deployed enhanced monitoring; warns victims of phishing risks using stolen details
  • No group has claimed responsibility, and stolen data has not yet surfaced on the dark web, though ransom pressure tactics are common in such cases

AssuranceAmerica, an insurance company operating thousands of independent agents across the US, has confirmed suffering a cyberattack in which it lost sensitive data on almost seven million customers.

The company filed a new report with the Office of the Maine Attorney General, confirming the breach and sharing a copy of the notification letter it will soon send out to the 6,998,886 affected individuals.

In the report, the company said an unidentified threat actor stole login credentials and moved into the network, grabbing names, contact information, automobile insurance policy or insurance account information, driver or vehicle information, claims-related information, and driver’s license numbers.

Data can be used for phishing

The attackers were spotted on March 17 2026 and were quickly locked out of the company’s network.

Affected systems were isolated, and law enforcement notified. AssuranceAmerica also reset everyone’s passwords, deployed enhanced monitoring and threat detection tools, and warned its staff to remain vigilant.

AssuranceAmerica has warned customers to be careful about incoming emails and other communications, especially those claiming to come from the company itself.

Using the information obtained in the breach, criminals can create highly convincing emails, tricking victims into making fraudulent payments, sharing login credentials to corporate and banking environments, or even downloading malware and ransomware.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

So far, no one has claimed responsibility for this attack, and the data is yet to surface anywhere on the dark web. Usually, criminals would post snippets or samples on their websites, in an attempt to pressure the victim company into paying ransom for the files.

BleepingComputer notes AssuranceAmerica operates through a network of more than 9,500 independent agents, providing auto, renters, and commercial auto insurance coverage in 14 US states.


Best antivirus software header

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Leave a Reply

Your email address will not be published. Required fields are marked *