Insurance company AssuranceAmerica exposes 6.9 million drivers following major data breach — here's what we know

A hand about to touch a phone. Superimposed on top of it is a pink triangle with exclamation mark inside it. Behind it is a computer display with code on it
(Image credit: Getty Images)

  • AssuranceAmerica reports breach affecting 6,998,886 customers, with attackers stealing credentials and exfiltrating sensitive insurance and driver data
  • Company reset passwords, isolated systems, and deployed enhanced monitoring; warns victims of phishing risks using stolen details
  • No group has claimed responsibility, and stolen data has not yet surfaced on the dark web, though ransom pressure tactics are common in such cases

AssuranceAmerica, an insurance company operating thousands of independent agents across the US, has confirmed suffering a cyberattack in which it lost sensitive data on almost seven million customers.

The company filed a new report with the Office of the Maine Attorney General, confirming the breach and sharing a copy of the notification letter it will soon send out to the 6,998,886 affected individuals.

In the report, the company said an unidentified threat actor stole login credentials and moved into the network, grabbing names, contact information, automobile insurance policy or insurance account information, driver or vehicle information, claims-related information, and driver's license numbers.

Latest Videos From

Data can be used for phishing

The attackers were spotted on March 17 2026 and were quickly locked out of the company’s network.

Affected systems were isolated, and law enforcement notified. AssuranceAmerica also reset everyone’s passwords, deployed enhanced monitoring and threat detection tools, and warned its staff to remain vigilant.

AssuranceAmerica has warned customers to be careful about incoming emails and other communications, especially those claiming to come from the company itself.

Using the information obtained in the breach, criminals can create highly convincing emails, tricking victims into making fraudulent payments, sharing login credentials to corporate and banking environments, or even downloading malware and ransomware.

So far, no one has claimed responsibility for this attack, and the data is yet to surface anywhere on the dark web. Usually, criminals would post snippets or samples on their websites, in an attempt to pressure the victim company into paying ransom for the files.

BleepingComputer notes AssuranceAmerica operates through a network of more than 9,500 independent agents, providing auto, renters, and commercial auto insurance coverage in 14 US states.


Best antivirus software header
The best antivirus for all budgets

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.