Skip to content
Insurance company AssuranceAmerica exposes 6.9 million drivers following major data breach — here's what we know
TechRadar
TechnologyTechRadar··2 min read

Insurance company AssuranceAmerica exposes 6.9 million drivers following major data breach — here's what we know

AssuranceAmerica reports breach affecting 6,998,886 customers, with attackers stealing credentials and exfiltrating sensitive insurance and driver data

Company reset passwords, isolated systems, and deployed enhanced monitoring; warns victims of phishing risks using stolen details

No group has claimed responsibility, and stolen data has not yet surfaced on the dark web, though ransom pressure tactics are common in such cases

AssuranceAmerica, an insurance company operating thousands of independent agents across the US, has confirmed suffering a cyberattack in which it lost sensitive data on almost seven million customers.

The company filed a new report with the Office of the Maine Attorney General, confirming the breach and sharing a copy of the notification letter it will soon send out to the 6,998,886 affected individuals.

In the report, the company said an unidentified threat actor stole login credentials and moved into the network, grabbing names, contact information, automobile insurance policy or insurance account information, driver or vehicle information, claims-related information, and driver's license numbers.

Data can be used for phishing

The attackers were spotted on March 17 2026 and were quickly locked out of the company’s network.

Affected systems were isolated, and law enforcement notified. AssuranceAmerica also reset everyone’s passwords, deployed enhanced monitoring and threat detection tools, and warned its staff to remain vigilant.

AssuranceAmerica has warned customers to be careful about incoming emails and other communications, especially those claiming to come from the company itself.

Using the information obtained in the breach, criminals can create highly convincing emails, tricking victims into making fraudulent payments, sharing login credentials to corporate and banking environments, or even downloading malware and ransomware.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

So far, no one has claimed responsibility for this attack, and the data is yet to surface anywhere on the dark web. Usually, criminals would post snippets or samples on their websites, in an attempt to pressure the victim company into paying ransom for the files.

BleepingComputer notes AssuranceAmerica operates through a network of more than 9,500 independent agents, providing auto, renters, and commercial auto insurance coverage in 14 US states.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

View original source — TechRadar