U.S. insurance coverage supplier AssuranceAmerica has confirmed an information breach affecting the non-public data and driver’s license numbers of 6.9 million folks, making it the most important identified spill of People’ driver’s license data this yr.
Based in 1998, AssuranceAmerica supplies automotive and rental insurance coverage to prospects throughout greater than a dozen U.S. states. As a big insurance coverage supplier, the corporate handles massive quantities of details about potential insurance coverage prospects and car drivers, together with their private data and particulars about their state-issued driver’s licenses. Within the arms of a malicious particular person, a driver’s license quantity can be utilized for fraud and impersonation.
In an information breach discover despatched to prospects and seen by TechCrunch, AssuranceAmerica mentioned it found hackers in its pc methods on March 17. The corporate concluded its investigation on June 15, discovering that the hackers had stolen prospects’ names, contact data, and driver’s license numbers.
The breach discover mentioned the hackers additionally took details about prospects’ auto insurance coverage insurance policies and accounts, their drivers and automobiles, and particulars about buyer claims.
The corporate didn’t present specifics about which different sorts of private data have been taken.
AssuranceAmerica didn’t specify the precise explanation for the breach, however famous that the hackers “focused one of many Firm’s staff” and that the corporate subsequently “disabled compromised credentials.” It’s unclear how these credentials have been stolen, however prior incidents involving stolen worker credentials have been linked to password-stealing malware or the use of compromised software.
TechCrunch emailed questions in regards to the incident to AssuranceAmerica CEO Joe Skruck and founder Man Millner, together with asking if the corporate had any contact with the hackers or paid a ransom. Neither responded.
In accordance to an information breach itemizing with the Indiana lawyer normal’s workplace, AssuranceAmerica listed the breach as affecting 6.99 million folks, with notification letters set to be despatched out on July 10.
A separate copy of AssuranceAmerica’s knowledge breach notification, shared by the Maine lawyer normal’s workplace at TechCrunch’s request, additionally lists the variety of affected folks at 6.99 million. (Maine’s knowledge breach portal is currently offline and under review after a fraudulent breach disclosure was printed on its web site final month.)
The incident at AssuranceAmerica follows a spate of knowledge breaches affecting driver’s licenses and different id paperwork in current months. In June, the Texas state authorities mentioned hackers stole data about at least 3 million driver’s licenses and passport numbers throughout an information breach affecting the state’s parks and wildlife division.
TechCrunch has beforehand reported on a number of safety lapses that collectively spilled hundreds of thousands of government-issued id paperwork, together with incidents with a hotel check-in system, a money transfer app, a prison payphone provider and a U.K. visa service. These knowledge spills come as web sites and apps are more and more demanding internet customers flip over their id paperwork to show they’re legally sufficiently old to entry them, amid a global push by governments to roll out age-verification laws.
Once you buy by way of hyperlinks in our articles, we may earn a small commission. This doesn’t have an effect on our editorial independence.

