
AssuranceAmerica is notifying nearly 7 million people that hackers stole sensitive customer information, including driver's license numbers, following a cyberattack discovered in March.
The incident affected 6.99 million individuals, making it the largest known exposure of Americans' driver's license information reported so far this year.
The Atlanta-based auto insurance provider disclosed in notification letters sent to affected individuals that it detected suspicious activity within its network on March 17, 2026. An investigation with the assistance of external digital forensics specialists determined that an unauthorized third party had accessed portions of the company's IT environment and copied data files after compromising an employee's credentials on March 16. The review of the stolen files concluded on June 15, after which the company began notifying impacted customers.
Founded in 1998, AssuranceAmerica provides automobile and renters insurance across more than a dozen US states. As part of its underwriting and claims operations, the insurer collects extensive personal and vehicle-related information from applicants and policyholders, making it an attractive target for cybercriminals seeking identity data.
According to the company's notification letter, the compromised information includes names and one or more of the following data elements:
- Contact information
- Automobile insurance policy or account information
- Driver and vehicle information
- Claims-related information
- Driver's license numbers
The company did not state whether Social Security numbers, financial information, or payment card data were exposed in the attack.
Although AssuranceAmerica did not disclose the specific intrusion method, the notification states that the attack “targeted one of the Company's employees.” Following discovery of the incident, the insurer said it disabled compromised credentials, terminated unauthorized sessions, isolated affected systems, reset passwords, deployed enhanced monitoring and threat detection tools, and provided additional cybersecurity training to employees. Law enforcement was also notified.
The scale of the breach emerged through regulatory filings. TechCrunch first reported that AssuranceAmerica listed 6,998,886 affected individuals in breach notifications submitted to state authorities, citing filings with the attorneys general of Indiana and Maine. The figure makes the incident the largest publicly disclosed breach involving driver's license numbers in the United States this year.
Driver's license numbers have become increasingly valuable to cybercriminals because they can be used alongside other personal information to facilitate identity theft, fraudulent account creation, loan applications, and impersonation attacks.
In its notification letter, AssuranceAmerica said it is not offering complimentary identity theft protection or credit monitoring services to affected individuals. Instead, the company recommends that customers closely monitor bank accounts and financial statements, review their credit reports for suspicious activity, and consider placing fraud alerts or security freezes with the major credit reporting agencies.
Individuals who receive a notification from AssuranceAmerica should remain alert for phishing emails or phone calls referencing insurance claims or policy information, monitor their credit reports and financial accounts for unauthorized activity, and report any suspected identity theft immediately to their financial institutions and the appropriate authorities.







Leave a Reply