
AssuranceAmerica has confirmed a data breach affecting the personal information and driver’s license numbers of 6.9 million people. The incident is the largest known exposure of Americans’ driver’s license data reported so far this year.
The Atlanta-based insurance provider offers auto and renters insurance across more than a dozen U.S. states. Because of its business, the company holds personal details about customers, drivers, vehicles, insurance policies and claims.
In a breach notice reviewed by TechCrunch, AssuranceAmerica said it detected hackers in its systems on March 17. The company completed its investigation on June 15 and found that an unauthorized party had copied files containing personal and insurance-related information.
Hackers Accessed Insurance and Driver Data
The stolen data included names, contact information and driver’s license numbers. The company also said the files contained information about auto insurance policies and accounts, drivers and vehicles, and customer claims.
AssuranceAmerica did not specify every type of personal information taken. Some breach notices and legal investigations have also listed Social Security numbers and tax identification numbers among the potentially exposed data.
The company did not say exactly how the breach happened. However, it said the attackers targeted one of its employees and that AssuranceAmerica later disabled compromised credentials.
The breach was reported to state regulators, including the Indiana attorney general’s office, as affecting 6.99 million people. Notification letters were scheduled to be sent on July 10.
Driver’s License Data Can Be Used for Fraud
Driver’s license numbers are sensitive because they can be used for impersonation, account fraud and identity verification abuse. Insurance records can also expose details about vehicles, policies, claims and household drivers.
TechCrunch said AssuranceAmerica did not respond to questions about whether the company had contact with the hackers or paid a ransom. The company has not publicly identified the group behind the intrusion.
The incident follows several recent breaches involving government-issued identity documents. In June, Texas officials said hackers stole information tied to at least 3 million driver’s licenses and passport numbers from the state’s parks and wildlife division.
Other recent security lapses have exposed identity documents through systems used for hotel check-ins, money transfers, prison communications and visa services. The risks are growing as more websites and apps ask users to upload IDs for verification, including under new age-checking rules in several countries.
For affected AssuranceAmerica customers, the most important steps are to review the company’s notice, monitor financial and insurance accounts, and watch for suspicious activity involving driver’s license information. The breach shows how valuable ordinary identity documents have become for cybercriminals, especially when paired with insurance and contact records.
Featured image credits: Magnific.com
For more stories like it, click the +Follow button at the top of this page to follow us.
