Insurance company AssuranceAmerica exposes 6.9 million drivers following major data breach — here's what we know

No one has claimed responsibility for AssuranceAmerica attack yet.

Insurance company AssuranceAmerica exposes 6.9 million drivers following major data breach — here's what we know
  • AssuranceAmerica reports breach affecting 6,998,886 customers, with attackers stealing credentials and exfiltrating sensitive insurance and driver data
  • Company reset passwords, isolated systems, and deployed enhanced monitoring; warns victims of phishing risks using stolen details
  • No group has claimed responsibility, and stolen data has not yet surfaced on the dark web, though ransom pressure tactics are common in such cases

AssuranceAmerica, an insurance company operating thousands of independent agents across the US, has confirmed suffering a cyberattack in which it lost sensitive data on almost seven million customers.

The company filed a new report with the Office of the Maine Attorney General, confirming the breach and sharing a copy of the notification letter it will soon send out to the 6,998,886 affected individuals.

In the report, the company said an unidentified threat actor stole login credentials and moved into the network, grabbing names, contact information, automobile insurance policy or insurance account information, driver or vehicle information, claims-related information, and driver's license numbers.

Data can be used for phishing

The attackers were spotted on March 17 2026 and were quickly locked out of the company’s network.

Affected systems were isolated, and law enforcement notified. AssuranceAmerica also reset everyone’s passwords, deployed enhanced monitoring and threat detection tools, and warned its staff to remain vigilant.

AssuranceAmerica has warned customers to be careful about incoming emails and other communications, especially those claiming to come from the company itself.

Using the information obtained in the breach, criminals can create highly convincing emails, tricking victims into making fraudulent payments, sharing login credentials to corporate and banking environments, or even downloading malware and ransomware.

So far, no one has claimed responsibility for this attack, and the data is yet to surface anywhere on the dark web. Usually, criminals would post snippets or samples on their websites, in an attempt to pressure the victim company into paying ransom for the files.

BleepingComputer notes AssuranceAmerica operates through a network of more than 9,500 independent agents, providing auto, renters, and commercial auto insurance coverage in 14 US states.

Share

What's Your Reaction?

Like Like 0
Dislike Dislike 0
Love Love 0
Funny Funny 0
Angry Angry 0
Sad Sad 0
Wow Wow 0