The personal information of nearly 7 million drivers was exposed in a data breach affecting American insurance giant AssuranceAmerica.
Atlanta, Georgia-based AssuranceAmerica provides auto, renters, and commercial auto insurance coverage through a network of over 9,500 independent agents across 14 states, including Florida, Ohio, Pennsylvania, Texas, and Virginia.
The insurance giant learned of the data breach on March 17 after detecting suspicious activity on its IT systems and launched an investigation.
AssuranceAmerica confirms data breach
The probe determined an unauthorized actor had compromised its IT infrastructure on March 16 and copied certain files containing personal information. A further investigation was conducted to determine the nature of the stolen information and to whom it pertained.
According to data breach notification letters sent to affected victims, the cyber intrusion incident leaked their contact information, automobile insurance policy or insurance account information, driver or vehicle information, claims-related information, driver’s license numbers, Tax ID information, and/or Social Security numbers.
Exposing this information puts victims at an elevated risk of phishing, identity theft, and fraud. According to a regulatory filing with the Office of the Maine Attorney General, the data breach affected 6,998,886 people.
Meanwhile, the identity of the bad actor, whether they have demanded a ransom, and whether they have misused the stolen information remain undisclosed. Nevertheless, AssuranceAmerica has disclosed that the attacker targeted an employee by phishing to gain initial access. In 2025, the hacking group Scattered Spider was responsible for similar cyber attacks targeting insurance companies through social engineering and phishing.
In response to the breach, AssuranceAmerica has revoked the compromised login credentials to terminate the threat actor’s access, ended active sessions, isolated or shut down the affected systems, notified the relevant authorities, and hired external cybersecurity experts to investigate the incident.
The insurance giant has also implemented additional measures to enhance the security of its systems and increased security monitoring to prevent a similar data breach in the future.
“The Company also implemented additional measures designed to enhance the security of its IT systems and data, including resetting passwords, deploying enhanced monitoring and threat detection tools, and providing additional instruction to personnel regarding cybersecurity threats,” it stated.
According to a breach notice filed with California’s Attorney General’s office, AssuranceAmerica is also offering a 12-month credit monitoring service with IDX. Victims can also request free annual credit reports from major credit bureaus, including Experian, Equifax, and TransUnion.
AssuranceAmerica also advised the impacted victims to monitor their financial accounts and credit reports, and to notify their financial institutions and relevant authorities of any suspicious activity. They can also place credit freezes to prevent fraudsters from opening new credit lines.
“This is a complete identity theft kit for 7 million people,” said Denis Calderone, CTO, Suzu Labs. “Driver’s license numbers, Social Security numbers, dates of birth, home addresses, and insurance policy details. That is everything an attacker needs to open credit accounts, file fraudulent tax returns, pass Know Your Customer (“KYC”) checks at banks, or submit false insurance claims using real policy numbers. And because AssuranceAmerica handles non-standard auto insurance, much of this data belongs to people who may already have limited financial resources and less bandwidth to fight identity fraud when it shows up.”
Insurance industry hit by another data breach
The financial services sector, including the insurance industry, is a frequent target of cybercriminals. The AssuranceAmerica data breach adds to a growing list of insurance companies targeted by cybercriminals.
In June 2026, a data breach at Aflac Japan exposed the personal information of 4.38 million people. A year ago, Aflac North America was also breached, exposing the extensive personal information of approximately 22 million people.
In June 2025, Scattered Spider also breached Erie Insurance and Philadelphia Insurance Companies. In the same month, Farmers Insurance also experienced a data breach after hackers compromised a third-party database.
In July 2025, Allianz Life Insurance North America also experienced a data breach that affected most of its 1.4 million customers, financial professionals, and employees, after hackers exploited a third-party customer relationship management (CRM) system via social engineering.

